diff --git a/backend/api/src/main/java/eu/okaeri/timings/api/security/SecurityConfig.java b/backend/api/src/main/java/eu/okaeri/timings/api/security/SecurityConfig.java
index 4461924..9d83afb 100644
--- a/backend/api/src/main/java/eu/okaeri/timings/api/security/SecurityConfig.java
+++ b/backend/api/src/main/java/eu/okaeri/timings/api/security/SecurityConfig.java
@@ -26,9 +26,9 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
     public CorsFilter corsFilter() {
         UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
         CorsConfiguration config = new CorsConfiguration();
-        config.setAllowCredentials(true);
+        config.setAllowCredentials(false);
         config.setAllowedOrigins(List.of("*"));
-        config.setAllowedHeaders(Arrays.asList("Origin", "Content-Type", "Accept", "Authorization"));
+        config.setAllowedHeaders(Arrays.asList("Origin", "Content-Type", "Accept"));
         config.setAllowedMethods(List.of("*"));
         source.registerCorsConfiguration("/**", config);
         return new CorsFilter(source);