diff --git a/src/auth/auth.service.ts b/src/auth/auth.service.ts
index 5063476..902ef45 100644
--- a/src/auth/auth.service.ts
+++ b/src/auth/auth.service.ts
@@ -118,18 +118,18 @@ export class AuthService {
 }
 getCookieOptions(isRefreshToken = false) {
- // const isProduction =
- // this.configService.get("NODE_ENV") === "production";
- // const cookieSecure =
- // this.configService.get("COOKIE_SECURE") === "true";
- // const domain = this.configService.get("COOKIE_DOMAIN");
+ const isProduction =
+ this.configService.get("NODE_ENV") === "production";
+ const cookieSecure =
+ this.configService.get("COOKIE_SECURE") === "true";
+ const domain = this.configService.get("COOKIE_DOMAIN");
 return {
 httpOnly: true,
- // secure: isProduction || cookieSecure,
+ secure: true,
 sameSite: "none" as const,
 path: isRefreshToken ? "/auth/refresh" : "/",
- // domain: domain,
+ domain: domain,
 maxAge: isRefreshToken ? 7 * 24 * 60 * 60 * 1000 : 15 * 60 * 1000,
 };
 }
diff --git a/src/main.ts b/src/main.ts
index 7e1d02b..9ee9dff 100644
--- a/src/main.ts
+++ b/src/main.ts
@@ -12,8 +12,25 @@ async function bootstrap() {
 app.enableCors({
 origin: corsOrigins,
 credentials: true,
- methods: ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"],
- allowedHeaders: ["Content-Type", "Authorization", "X-Requested-With"],
+ allowedHeaders: [
+ "Content-Type",
+ "Authorization",
+ "X-Requested-With",
+ "Accept",
+ "Origin",
+ "Access-Control-Request-Method",
+ "Access-Control-Request-Headers",
+ "Cache-Control",
+ ],
+ exposedHeaders: [
+ "Authorization",
+ "Set-Cookie",
+ "Access-Control-Allow-Origin",
+ "Access-Control-Allow-Credentials",
+ ],
+ preflightContinue: false,
+ optionsSuccessStatus: 204,
+ maxAge: 86400, // 24 hours
 });
 app.use(cookieParser());
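Review bot: `isProduction` and `cookieSecure` are computed on the new side of getCookieOptions but never read, because `secure` is hard-coded to `true` two lines below; under `noUnusedLocals` this does not compile, and otherwise it leaves two dead config lookups that suggest a toggle which does not exist. Hard-coding `secure: true` is correct as long as `sameSite: "none"` stays, since browsers discard a SameSite=None cookie that is not also Secure, so the two lookups should simply be deleted rather than kept as a hint. If the intent was to allow plain HTTP in development, `sameSite` has to change together with `secure`, e.g. `const secure = isProduction || cookieSecure;` / `secure,` / `sameSite: secure ? ("none" as const) : ("lax" as const),`. `domain: domain` can be the shorthand `domain,`, and a comment such as `// SameSite=None requires Secure; refresh cookie is path-scoped to /auth/refresh` would record why both are fixed. The enclosing AuthService class continues outside the hunk.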
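Review bot: Several entries in the new `exposedHeaders` and `allowedHeaders` lists have no effect: `Set-Cookie` is a forbidden response header that browsers never expose to script whatever `Access-Control-Expose-Headers` says, `Access-Control-Allow-Origin` and `Access-Control-Allow-Credentials` are the CORS response headers themselves and need no exposing, and `Origin`, `Access-Control-Request-Method` and `Access-Control-Request-Headers` are browser-set request headers that are never subject to the allowed-headers check. Trimming to `exposedHeaders: ["Authorization"],` and dropping those three request headers from `allowedHeaders` keeps the configuration honest about what it does; the cookies set by the auth service reach the browser through `credentials: true`, not through `Set-Cookie` exposure. Removing `methods` falls back to the cors package default of GET, HEAD, PUT, PATCH, POST and DELETE, which covers the removed list, so a one-line comment such as `// methods: cors default (GET,HEAD,PUT,PATCH,POST,DELETE)` is enough. With `credentials: true` the `corsOrigins` value must be an explicit allowlist rather than `*` or a reflect-any-origin callback; it is defined outside the hunk, so that cannot be confirmed here. `bootstrap` starts and ends outside the hunk.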