diff --git a/internal/transport/middleware/cors_middleware.go b/internal/transport/middleware/cors_middleware.go
new file mode 100644
index 0000000..23d62cc
--- /dev/null
+++ b/internal/transport/middleware/cors_middleware.go
@@ -0,0 +1,19 @@
+package middleware
+
+import "github.com/gin-gonic/gin"
+
+func CORSMiddleware() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		c.Writer.Header().Set("Access-Control-Allow-Origin", "*")
+		c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
+		c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With")
+		c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT")
+
+		if c.Request.Method == "OPTIONS" {
+			c.AbortWithStatus(204)
+			return
+		}
+
+		c.Next()
+	}
+}
diff --git a/internal/transport/server.go b/internal/transport/server.go
index c33672a..f166268 100644
--- a/internal/transport/server.go
+++ b/internal/transport/server.go
@@ -47,9 +47,9 @@ func (s *Server) Start() {
 	var AllowOrigins = []string{"*"}
 	corsConfig := cors.DefaultConfig()
 	corsConfig.AllowOrigins = AllowOrigins
-	s.gin.Use(cors.New(corsConfig))
+	s.gin.Use(middleware.CORSMiddleware())
 	s.gin.Use(middleware.MetricMiddleware())
-	s.gin.Use(middleware.PermissionMiddleware(s.dependencies.Service.AuthService))
+	//s.gin.Use(middleware.PermissionMiddleware(s.dependencies.Service.AuthService))
 	s.router()
 	metrics.AdminHandler()