diff --git a/Rasaddam_Backend/settings.py b/Rasaddam_Backend/settings.py
index 1e58290..6c78a6e 100644
--- a/Rasaddam_Backend/settings.py
+++ b/Rasaddam_Backend/settings.py
@@ -35,8 +35,7 @@ ALLOWED_HOSTS = [
     'https://api.rasadyaar.net',
     'https://api.dam.rasadyaar.net',
     'http://localhost:3000',
-    'http://192.168.88.130:3000',
-    '*'
+    'http://192.168.88.130:3000'
 ]
 
 # Application definition
@@ -280,7 +279,8 @@ DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
 
 DATA_UPLOAD_MAX_MEMORY_SIZE = 50242880
 
-CORS_ORIGIN_ALLOW_ALL = True
+CORS_ORIGIN_ALLOW_ALL = False
+CORS_ALLOW_CREDENTIALS = True
 
 # CORS_ORIGIN_WHITELIST = (
 #     # 'http://localhost:8080',
@@ -292,15 +292,14 @@ CORS_ORIGIN_ALLOW_ALL = True
 #     '*',
 # )
 #
-# CORS_ALLOWED_ORIGINS = (
-#     # 'http://localhost:8080',
-#     # 'http://127.0.0.1:8080',
-#     # 'http://127.0.0.1:3000',
-#     # 'http://localhost:3000',
-#     # 'http://192.168.88.130:3000',
-#     # 'https://rasadyar.net'
-#     '*',
-# )
+CORS_ALLOWED_ORIGINS = (
+    'http://localhost:8080',
+    'http://127.0.0.1:8080',
+    'http://127.0.0.1:3000',
+    'http://localhost:3000',
+    'http://192.168.88.130:3000',
+    'https://rasadyar.net'
+)
 
 SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
 SECURE_SSL_REDIRECT = False