diff --git a/README.md b/README.md
index 8609b89..b44dae6 100644
--- a/README.md
+++ b/README.md
@@ -79,6 +79,7 @@
                 <extensions>
                     <extension class="Zenstruck\Browser\Test\BrowserExtension" />
                 </extensions>
+
     ddev exec php bin/phpunit --filter=testPostToCreateNewUserPost
 
     ddev composer require --dev mtdowling/jmespath.php
diff --git a/config/packages/nelmio_cors.yaml b/config/packages/nelmio_cors.yaml
index c766508..1ef2242 100644
--- a/config/packages/nelmio_cors.yaml
+++ b/config/packages/nelmio_cors.yaml
@@ -1,10 +1,13 @@
 nelmio_cors:
     defaults:
         origin_regex: true
-        allow_origin: ['%env(CORS_ALLOW_ORIGIN)%']
+#        allow_origin: ['%env(CORS_ALLOW_ORIGIN)%']
         allow_methods: ['GET', 'OPTIONS', 'POST', 'PUT', 'PATCH', 'DELETE']
-        allow_headers: ['Content-Type', 'Authorization']
-        expose_headers: ['Link']
+#        allow_headers: ['Content-Type', 'Authorization']
+#        expose_headers: ['Link']
+        expose_headers: ['*']
+        allow_origin: [ '*' ]
+        allow_headers: [ '*' ]
         max_age: 3600
     paths:
         '^/': null
diff --git a/src/ApiResource/PostingApi.php b/src/ApiResource/PostingApi.php
index e6ac88f..385676d 100644
--- a/src/ApiResource/PostingApi.php
+++ b/src/ApiResource/PostingApi.php
@@ -39,7 +39,7 @@ use Symfony\Component\Validator\Constraints\NotBlank;
         )
     ],
     paginationItemsPerPage: 10,
-    security: 'is_granted("ROLE_USER")',
+//    security: 'is_granted("ROLE_USER")',
     provider: EntityToDtoStateProvider::class,
     processor: EntityClassDtoStateProcessor::class,
     stateOptions: new Options(entityClass: Posting::class),