diff --git a/src/main/java/eu/dnetlib/uoaauthorizationlibrary/configuration/AuthorizationConfiguration.java b/src/main/java/eu/dnetlib/uoaauthorizationlibrary/configuration/AuthorizationConfiguration.java
index 325bfcb..87175f4 100644
--- a/src/main/java/eu/dnetlib/uoaauthorizationlibrary/configuration/AuthorizationConfiguration.java
+++ b/src/main/java/eu/dnetlib/uoaauthorizationlibrary/configuration/AuthorizationConfiguration.java
@@ -1,27 +1,10 @@
 package eu.dnetlib.uoaauthorizationlibrary.configuration;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
-import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.web.servlet.config.annotation.CorsRegistry;
-import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 @Configuration
 @EnableConfigurationProperties({SecurityConfig.class, GlobalVars.class})
 @ComponentScan(basePackages = { "eu.dnetlib.uoaauthorizationlibrary" })
-public class AuthorizationConfiguration {
-
- @Bean
- public WebMvcConfigurer corsConfigurer() {
- return new WebMvcConfigurer() {
- @Override
- public void addCorsMappings(CorsRegistry registry) {
- registry.addMapping("/**")
- .allowedOriginPatterns("*")
- .allowedMethods("GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS")
- .allowCredentials(true);
- }
- };
- }
-}
+public class AuthorizationConfiguration { }
diff --git a/src/main/java/eu/dnetlib/uoaauthorizationlibrary/configuration/CorsAllowFilter.java b/src/main/java/eu/dnetlib/uoaauthorizationlibrary/configuration/CorsAllowFilter.java
new file mode 100644
index 0000000..b491b23
--- /dev/null
+++ b/src/main/java/eu/dnetlib/uoaauthorizationlibrary/configuration/CorsAllowFilter.java
@@ -0,0 +1,26 @@
+package eu.dnetlib.uoaauthorizationlibrary.configuration;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+
+@Component
+public class CorsAllowFilter extends OncePerRequestFilter {
+
+ @Override
+ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
+ FilterChain filterChain) throws ServletException, IOException {
+ response.addHeader("Access-Control-Allow-Origin", "*");
+ response.addHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, OPTIONS, HEAD");
+ response.addHeader("Access-Control-Allow-Headers", "Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers");
+ response.addHeader("Access-Control-Expose-Headers", "Access-Control-Allow-Origin, Access-Control-Allow-Credentials");
+ response.addHeader("Access-Control-Allow-Credentials", "true");
+ response.addIntHeader("Access-Control-Max-Age", 10);
+ filterChain.doFilter(request, response);
+ }
+}
diff --git a/src/main/java/eu/dnetlib/uoaauthorizationlibrary/stateless/security/WebSecurityConfig.java b/src/main/java/eu/dnetlib/uoaauthorizationlibrary/stateless/security/WebSecurityConfig.java
index 039e192..0d297bd 100644
--- a/src/main/java/eu/dnetlib/uoaauthorizationlibrary/stateless/security/WebSecurityConfig.java
+++ b/src/main/java/eu/dnetlib/uoaauthorizationlibrary/stateless/security/WebSecurityConfig.java
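Review bot: In `CorsAllowFilter.doFilterInternal`, every response carries `Access-Control-Allow-Origin: *` together with `Access-Control-Allow-Credentials: true`, a pair that browsers refuse for credentialed requests, so cross-origin calls that send cookies will fail their CORS check. The common workaround of echoing back whatever `Origin` arrives would let any site make authenticated calls, which matters here because `WebSecurityConfig` disables CSRF protection. I would echo the origin only when it is on a configured allowlist, add `Vary: Origin`, and use `setHeader` so a second CORS layer cannot produce duplicate values. `allowedOrigins` below is a placeholder for that allowlist; the page does not show where the project keeps such settings.

```java
// … unchanged: class declaration and doFilterInternal signature …
        String origin = request.getHeader("Origin");
        // allowedOrigins: placeholder for a configured set of trusted origins
        if (origin != null && allowedOrigins.contains(origin)) {
            response.setHeader("Access-Control-Allow-Origin", origin);
            response.setHeader("Access-Control-Allow-Credentials", "true");
            // caches must not reuse a response issued for a different origin
            response.addHeader("Vary", "Origin");
        }
// … unchanged: Allow-Methods, Allow-Headers, Expose-Headers, Max-Age, filterChain.doFilter …
```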
@@ -1,5 +1,6 @@
 package eu.dnetlib.uoaauthorizationlibrary.stateless.security;
+import eu.dnetlib.uoaauthorizationlibrary.configuration.CorsAllowFilter;
 import eu.dnetlib.uoaauthorizationlibrary.security.EntryPoint;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
@@ -18,10 +19,12 @@ import org.springframework.security.web.authentication.www.BasicAuthenticationFi
 public class WebSecurityConfig {
 private final AuthorizationFilter filter;
+ private final CorsAllowFilter corsFilter;
 @Autowired
- public WebSecurityConfig(AuthorizationFilter filter) {
+ public WebSecurityConfig(AuthorizationFilter filter, CorsAllowFilter corsFilter) {
 this.filter = filter;
+ this.corsFilter = corsFilter;
 }
 @Bean
@@ -32,6 +35,7 @@ public class WebSecurityConfig {
 @Bean
 public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 http.csrf(AbstractHttpConfigurer::disable);
+ http.addFilter(corsFilter);
 http.addFilterBefore(filter, BasicAuthenticationFilter.class);
 http.exceptionHandling(handler -> handler.authenticationEntryPoint(this.entryPoint()));
 http.authorizeHttpRequests(auth -> auth.anyRequest().permitAll());
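Review bot: `http.addFilter(corsFilter)` in `filterChain` is likely to fail at startup, because `HttpSecurity.addFilter` accepts only filters whose class (or a superclass) has an order registered by Spring Security, and `CorsAllowFilter` extends plain `OncePerRequestFilter`. An explicit position ahead of the authorization filter avoids that and should also let preflight and rejected requests keep their CORS headers: `http.addFilterBefore(corsFilter, BasicAuthenticationFilter.class);`, placed before the existing `addFilterBefore(filter, …)` line. The resulting order is worth confirming, since both filters are then positioned relative to the same class. The `filterChain` method continues past the end of this hunk.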