diff --git a/src/main/kotlin/net/halfbinary/scavengerhuntapi/config/SecurityConfig.kt b/src/main/kotlin/net/halfbinary/scavengerhuntapi/config/SecurityConfig.kt
index c85fc03..bc0756c 100644
--- a/src/main/kotlin/net/halfbinary/scavengerhuntapi/config/SecurityConfig.kt
+++ b/src/main/kotlin/net/halfbinary/scavengerhuntapi/config/SecurityConfig.kt
@@ -7,7 +7,6 @@ import org.springframework.security.authentication.AuthenticationManager
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
-import org.springframework.security.config.annotation.web.configurers.CorsConfigurer
 import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer
 import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer
 import org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
@@ -16,6 +15,10 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
 import org.springframework.security.crypto.password.PasswordEncoder
 import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
+import org.springframework.web.cors.CorsConfiguration
+import org.springframework.web.cors.CorsConfigurationSource
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource
+
 @Configuration
@@ -48,13 +51,25 @@ class SecurityConfig(private val authEntrypointJwt: AuthEntrypointJwt,
 return BCryptPasswordEncoder()
 }
+ @Bean
+ fun corsConfigurationSource(): CorsConfigurationSource {
+ val config = CorsConfiguration()
+ config.allowedOriginPatterns = listOf("*")
+ config.allowedMethods = listOf("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS")
+ config.allowedHeaders = listOf("*")
+ config.allowCredentials = true
+ val source = UrlBasedCorsConfigurationSource()
+ source.registerCorsConfiguration("/**", config)
+ return source
+ }
+
 @Bean
 @Throws(Exception::class)
 fun securityFilterChain(http: HttpSecurity): SecurityFilterChain? {
 // Updated configuration for Spring Security 6.x
 http
- .csrf { csrf: CsrfConfigurer -> csrf.disable() } // Disable CSRF
- .cors { cors: CorsConfigurer -> cors.disable() } // Disable CORS (or configure if needed)
+ .csrf { csrf: CsrfConfigurer -> csrf.disable() }
+ .cors { cors -> cors.configurationSource(corsConfigurationSource()) }
 .exceptionHandling { exceptionHandling: ExceptionHandlingConfigurer ->
 exceptionHandling.authenticationEntryPoint(
 authEntrypointJwt
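Review bot: In `corsConfigurationSource()`, `allowedOriginPatterns = listOf("*")` together with `allowCredentials = true` makes the API answer every requesting origin with credentials allowed, so any site a signed-in user visits can call it and read the responses. With CSRF also disabled in `securityFilterChain` (whose body continues past the hunk), this is only safe if authentication never rides on cookies; the `AuthEntrypointJwt` name suggests a bearer token, but the hunk does not show how it is transported. I would bind the origins to an explicit allowlist taken from configuration, e.g. `config.allowedOrigins = listOf("https://frontend.example.test")` (placeholder origin), and drop `config.allowCredentials = true` if the token travels in the `Authorization` header. `allowedHeaders` could likewise be narrowed to the headers the client actually sends, such as `listOf("Authorization", "Content-Type")`.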