diff --git a/internal/transport/middleware/cors_middleware.go b/internal/transport/middleware/cors_middleware.go
new file mode 100644
index 0000000..23d62cc
--- /dev/null
+++ b/internal/transport/middleware/cors_middleware.go
@@ -0,0 +1,19 @@
+package middleware
+
+import "github.com/gin-gonic/gin"
+
+func CORSMiddleware() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		c.Writer.Header().Set("Access-Control-Allow-Origin", "*")
+		c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
+		c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With")
+		c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT")
+
+		if c.Request.Method == "OPTIONS" {
+			c.AbortWithStatus(204)
+			return
+		}
+
+		c.Next()
+	}
+}
diff --git a/internal/transport/server.go b/internal/transport/server.go
index 5f61406..f166268 100644
--- a/internal/transport/server.go
+++ b/internal/transport/server.go
@@ -44,14 +44,10 @@ func (s *Server) router() {
 
 func (s *Server) Start() {
 	s.gin.Use(ginzap.Ginzap(s.dependencies.Logger, time.RFC3339, false))
-	s.gin.Use(cors.New(cors.Config{
-		AllowOrigins:     []string{"*"},
-		AllowMethods:     []string{"PUT", "PATCH", "GET", "POST", "OPTIONS"},
-		AllowHeaders:     []string{"*", "x-session-token"},
-		ExposeHeaders:    []string{"Content-Length"},
-		AllowCredentials: true,
-		MaxAge:           24 * time.Hour,
-	}))
+	var AllowOrigins = []string{"*"}
+	corsConfig := cors.DefaultConfig()
+	corsConfig.AllowOrigins = AllowOrigins
+	s.gin.Use(middleware.CORSMiddleware())
 	s.gin.Use(middleware.MetricMiddleware())
 	//s.gin.Use(middleware.PermissionMiddleware(s.dependencies.Service.AuthService))
 	s.router()