diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 399b368..9c1efd5 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -3,19 +3,11 @@ class ApplicationController < ActionController::Base
   before_action :authenticate_user!
   before_action :set_locale
   layout :layout_by_resource
-  after_action :set_headers
 
   def set_locale
     I18n.locale = params[:lang] || I18n.default_locale
   end
 
-  def set_headers
-    headers['Access-Control-Allow-Origin'] = '*'
-    headers['Access-Control-Allow-Methods'] = 'POST, PUT, DELETE, GET, OPTIONS'
-    headers['Access-Control-Request-Method'] = '*'
-    headers['Access-Control-Allow-Headers'] = 'Origin, X-Requested-With, Content-Type, Accept, Authorization'
-  end
-
   protected
 
   def layout_by_resource
diff --git a/config/application.rb b/config/application.rb
index 7622a71..b6e9294 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -13,14 +13,6 @@ module InvoiceKeeper
     # -- all .rb files in that directory are automatically loaded.
     config.i18n.load_path += Dir[Rails.root.join('config', 'locales', '**', '*.{rb,yml}').to_s]
     config.i18n.default_locale = :pl
-    config.action_dispatch.default_headers.merge!({'X-Frame-Options' => 'ALLOWALL'})
-    config.middleware.insert_before 0, Rack::Cors do
-      allow do
-        origins '*'
-        resource '*', :headers => :any, :methods => [:get, :post, :options]
-      end
-    end
-
 
     config.assets.paths << Rails.root.join('app', 'assets', 'fonts')
     config.assets.precompile += %w( .svg .eot .woff .ttf .otf .woff2 )