diff --git a/delivery/controller/users_controller.go b/delivery/controller/users_controller.go
index 0e4031d..a944b0e 100644
--- a/delivery/controller/users_controller.go
+++ b/delivery/controller/users_controller.go
@@ -18,8 +18,8 @@ type UsersController struct {
 
 func (uc *UsersController) Route() {
 	rg:= uc.rg.Group("/users")
-	rg.Use(middleware.RateLoginMiddleware())
 	rg.Use(middleware.CORSMiddleware())
+	rg.Use(middleware.RateLoginMiddleware())
 	rg.OPTIONS("/login", func(c *gin.Context) {
 		c.Status(http.StatusNoContent)
 	})
diff --git a/middleware/cors_middleware.go b/middleware/cors_middleware.go
index 0a39dec..a1ba6dc 100644
--- a/middleware/cors_middleware.go
+++ b/middleware/cors_middleware.go
@@ -8,13 +8,12 @@ import (
 
 func CORSMiddleware() gin.HandlerFunc {
 	return func(c *gin.Context) {
-		c.Writer.Header().Set("Access-Control-Allow-Origin", "*")
+		c.Writer.Header().Set("Access-Control-Allow-Origin", "*") // Change to specific domains if needed
 		c.Writer.Header().Set("Access-Control-Allow-Methods", "GET, POST, OPTIONS, PUT, DELETE")
-		c.Writer.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type, X-Requested-With")
-		c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
+		c.Writer.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type")
 
-		// Handle OPTIONS method
-		if c.Request.Method == "OPTIONS" {
+		// Allow OPTIONS method to pass through
+		if c.Request.Method == http.MethodOptions {
 			c.AbortWithStatus(http.StatusNoContent)
 			return
 		}