diff --git a/config/settings.py b/config/settings.py
index d327b8bb..4d94c294 100644
--- a/config/settings.py
+++ b/config/settings.py
@@ -186,14 +186,14 @@
 "DELETE",
 ]
 CORS_ALLOW_HEADERS = [
- # "X-CSRFToken",
- # "Content-Type",
 "X-CSRFToken",
 "Content-Type",
- "Authorization",
- "X-Requested-With",
- "Accept",
- "Origin",
+ # "X-CSRFToken",
+ # "Content-Type",
+ # "Authorization",
+ # "X-Requested-With",
+ # "Accept",
+ # "Origin",
 ]
@@ -219,6 +219,13 @@
 ]
 CORS_ALLOWED_ORIGINS = list(set(CORS_ALLOWED_ORIGINS))
+CSRF_COOKIE_NAME = "csrftoken"
+if DEBUG:
+ CSRF_COOKIE_SECURE = False
+else:
+ CSRF_COOKIE_SECURE = True
+
+
 # print(CORS_ALLOWED_ORIGINS)
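Review bot: Dropping `"Authorization"` from `CORS_ALLOW_HEADERS` is left unexplained, and the six commented-out entries that replace it (two of them duplicating the active `"X-CSRFToken"` and `"Content-Type"` lines) make it hard to tell whether the narrower list is deliberate or a debugging leftover. With this list, a browser preflight for any cross-origin request that carries an `Authorization` header will be refused, so if any client authenticates with a token rather than the session cookie it stops working; nothing in the hunk shows which is the case. If the tightening is intended, delete the commented block and state the reason in one line above the list, e.g. `# Cross-origin requests use the session cookie plus X-CSRFToken only; Authorization is intentionally not allowed.` If it is not intended, restore `"Authorization"` as an active entry instead of leaving it commented.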
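Review bot: The added `if DEBUG:` / `else:` block sets only `CSRF_COOKIE_SECURE`, and nothing in this hunk does the same for the session cookie. Unless `SESSION_COOKIE_SECURE` is already set elsewhere in settings.py, a production deployment would keep the CSRF cookie off plain HTTP while still sending the session cookie over it. The branch can be collapsed and paired in two lines: `CSRF_COOKIE_SECURE = not DEBUG` and `SESSION_COOKIE_SECURE = not DEBUG`. `CSRF_COOKIE_NAME = "csrftoken"` restates Django's default, so either drop it or keep it with a comment such as `# front end reads the CSRF cookie by this name`.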