diff --git a/src/main/java/eu/hbp/mip/configuration/SecurityConfiguration.java b/src/main/java/eu/hbp/mip/configuration/SecurityConfiguration.java
index 9faff1bb1ac19cd966714df759a77cf096b819fe..d8ec1acfbc932f8cb5faa1a42199904ffc88a092 100644
--- a/src/main/java/eu/hbp/mip/configuration/SecurityConfiguration.java
+++ b/src/main/java/eu/hbp/mip/configuration/SecurityConfiguration.java
@@ -106,7 +106,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
                     .and().csrf().ignoringAntMatchers("/logout").csrfTokenRepository(csrfTokenRepository())
                     .and().addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
                     .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
-        
+        }
         else {
             http.antMatcher("/**")
                     .authorizeRequests()
diff --git a/src/main/java/eu/hbp/mip/controllers/SecurityApi.java b/src/main/java/eu/hbp/mip/controllers/SecurityApi.java
index 358a73d774ee2fb608123d75659918386674d274..a37c9e87a3dd2b5432a98d9f917ed779a54435e6 100644
--- a/src/main/java/eu/hbp/mip/controllers/SecurityApi.java
+++ b/src/main/java/eu/hbp/mip/controllers/SecurityApi.java
@@ -55,9 +55,9 @@ public class SecurityApi {
         }
 
         if (!securityConfiguration.isAuthentication()) {
-            // if (!userInfo.isFakeAuth()) {
-            //     response.setStatus(401);
-            // }
+            if (!userInfo.isFakeAuth()) {
+                response.setStatus(401);
+            }
             String principalJson = "{\"principal\": \"anonymous\", \"name\": \"anonymous\", \"userAuthentication\": {" +
                     "\"details\": {\"preferred_username\": \"anonymous\"}}}";
             return new Gson().fromJson(principalJson, Object.class);
diff --git a/src/main/java/eu/hbp/mip/utils/CORSFilter.java b/src/main/java/eu/hbp/mip/utils/CORSFilter.java
index bd08758689636b588c4d7e9d010cd0e536e3acc9..ef3b35353afdf70877318e706bc9f753f3687635 100644
--- a/src/main/java/eu/hbp/mip/utils/CORSFilter.java
+++ b/src/main/java/eu/hbp/mip/utils/CORSFilter.java
@@ -14,11 +14,8 @@ public class CORSFilter implements Filter {
         HttpServletResponse response = (HttpServletResponse) res;
         response.setHeader("Access-Control-Allow-Origin", "*");
         response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
-        response.setHeader("Access-Control-Allow-Credentials", "true");
-        response.setHeader("Access-Control-Allow-Headers", "Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers");
-
         response.setHeader("Access-Control-Max-Age", "3600");
-        // response.setHeader("Access-Control-Allow-Headers", "x-requested-with");
+        response.setHeader("Access-Control-Allow-Headers", "x-requested-with");
         chain.doFilter(req, res);
     }