diff --git a/src/main/kotlin/dev/fyloz/trial/colorrecipesexplorer/config/WebSecurityConfig.kt b/src/main/kotlin/dev/fyloz/trial/colorrecipesexplorer/config/WebSecurityConfig.kt
index 40f9ff5..8162a75 100644
--- a/src/main/kotlin/dev/fyloz/trial/colorrecipesexplorer/config/WebSecurityConfig.kt
+++ b/src/main/kotlin/dev/fyloz/trial/colorrecipesexplorer/config/WebSecurityConfig.kt
@@ -141,8 +141,6 @@ class WebSecurityConfig(
         }
 
         http
-            .cors()
-            .and()
             .headers().frameOptions().disable()
             .and()
             .csrf().disable()
@@ -170,7 +168,10 @@ class WebSecurityConfig(
                 .antMatchers(HttpMethod.GET, "/api/employee/current").authenticated()
                 .generateAuthorizations()
         } else {
-            http.authorizeRequests()
+            http
+                .cors()
+                .and()
+                .authorizeRequests()
                 .antMatchers("**").permitAll()
         }
     }