diff --git a/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/SecurityConfig.java b/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/SecurityConfig.java
index ad12eb4..7c5b4e7 100644
--- a/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/SecurityConfig.java
+++ b/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/SecurityConfig.java
@@ -80,14 +80,17 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
                         .allowedOrigins(allowedOrigins)
                         .exposedHeaders(SecurityConstants.JWT_TOKEN_HEADER);
 
-                String[] allowedMethods = List.of(GET, POST, PUT, DELETE)
+                String[] allowedMethods = List.of(GET, POST, PUT, DELETE, OPTIONS)  // Add OPTIONS
                         .stream()
                         .map(Enum::name)
                         .toArray(String[]::new);
 
                 registry.addMapping("/**")
                         .allowedMethods(allowedMethods)
-                        .allowedOrigins(allowedOrigins);
+                        .allowedOrigins(allowedOrigins)
+                        .allowedHeaders("*")              // Add this
+                        .allowCredentials(true)           // Add this
+                        .maxAge(3600);                    // Add this
             }
         };
     }
diff --git a/support-portal-backend/src/main/resources/application.yml b/support-portal-backend/src/main/resources/application.yml
index 53016a2..4fcf2fd 100644
--- a/support-portal-backend/src/main/resources/application.yml
+++ b/support-portal-backend/src/main/resources/application.yml
@@ -53,7 +53,7 @@ app:
   # Added /uploads/** to public URLs
   public-urls: /user/login,/user/register,/user/*/profile-image,/user/*/profile-image/**,/professors,/professors/**,/api/posts,/api/posts/*,/api/posts/posted,/api/posts/tag/*,/api/posts/tags/count,/api/files/**,/uploads/**,/professor,/professor/*,/api/events,/api/events/*,/api/public/**,/api/jobs/active,/api/job-applications,/api/courses/active,/api/courses/*,/api/course-applications,/api/upcoming-events/active
   cors:
-    allowed-origins: http://localhost:4200,https://localhost:4200,http://localhost:3000,https://localhost:3000,http://art-support-portal.s3-website.eu-north-1.amazonaws.com,http://portal.shyshkin.net,https://maincmc.rootxwire.com,https://cmcbackend.rootxwire.com
+    allowed-origins: http://localhost:4200,https://localhost:4200,http://localhost:3000,https://localhost:3000,http://art-support-portal.s3-website.eu-north-1.amazonaws.com,http://portal.shyshkin.net,https://maincmc.rootxwire.com,https://cmcbackend.rootxwire.com,https://cmcadminfrontend.rootxwire.com
   jwt:
     secret: custom_text