diff --git a/config/conf/corsheaders.py b/config/conf/corsheaders.py
index 0c2fd28..0f90219 100644
--- a/config/conf/corsheaders.py
+++ b/config/conf/corsheaders.py
@@ -1,19 +1,16 @@
-# CORS_ALLOWED_ORIGINS = [
-#     "https://example.com",
-#     "http://localhost:3000",
-# ]
-
 CORS_ALLOW_ALL_ORIGINS = True
-
 CORS_ALLOW_CREDENTIALS = True
 
-CSRF_TRUSTED_ORIGINS = [
-    'https://api.meridynpharma.com/',
-]
-
 CORS_ALLOW_METHODS = [
     "DELETE",
     "GET",
+    "OPTIONS",
+    "PATCH",
     "POST",
     "PUT",
+]
+
+CSRF_TRUSTED_ORIGINS = [
+    'https://api.meridynpharma.com',
+    'https://meridynpharma.com',
 ]
\ No newline at end of file
diff --git a/config/settings/base.py b/config/settings/base.py
index b0a6ee0..c7e0255 100644
--- a/config/settings/base.py
+++ b/config/settings/base.py
@@ -30,9 +30,9 @@ INSTALLED_APPS = [
 ]
 
 MIDDLEWARE = [
+    'corsheaders.middleware.CorsMiddleware',
     'django.middleware.security.SecurityMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
-    'corsheaders.middleware.CorsMiddleware',
     'django.middleware.common.CommonMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',