diff --git a/src/main/java/mb/oauth2authorizationserver/config/SecurityConfig.java b/src/main/java/mb/oauth2authorizationserver/config/SecurityConfig.java
index 376a6e6..6a00231 100644
--- a/src/main/java/mb/oauth2authorizationserver/config/SecurityConfig.java
+++ b/src/main/java/mb/oauth2authorizationserver/config/SecurityConfig.java
@@ -11,6 +11,7 @@
 import org.springframework.core.annotation.Order;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
@@ -44,6 +45,8 @@ SecurityFilterChain asSecurityFilterChain(HttpSecurity httpSecurity) throws Exce
         OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(httpSecurity);
 
         return httpSecurity
+                .cors(AbstractHttpConfigurer::disable)
+                .csrf(AbstractHttpConfigurer::disable)
                 .getConfigurer(OAuth2AuthorizationServerConfigurer.class)
                 .oidc(withDefaults())
                 .and()