diff --git a/decide/administration/frontend/src/api/axios.ts b/decide/administration/frontend/src/api/axios.ts
index 0fa8b326ee..e3bbb48341 100644
--- a/decide/administration/frontend/src/api/axios.ts
+++ b/decide/administration/frontend/src/api/axios.ts
@@ -1,4 +1,4 @@
-import Axios, { AxiosRequestConfig } from "axios";
+import Axios from "axios";
 import { sessionUtils } from "utils";
@@ -6,18 +6,11 @@ const API_URL = "http://localhost:8000/administration/api";
 export const axios = Axios.create({
 baseURL: API_URL,
-});
-
-// Headers interceptor
-axios.interceptors.request.use((config: AxiosRequestConfig) => {
- if (config.headers) {
- // content-type
- config.headers.Accept = "application/json";
- config.headers.ContentType = "application/json";
- config.headers["Access-Control-Allow-Origin"] = "*";
- }
-
- return config;
+ withCredentials: true,
+ headers: {
+ "Content-Type": "application/json",
+ Accept: "application/json",
+ },
 });
 // Auth interceptor (logout)
diff --git a/decide/decide/settings.py b/decide/decide/settings.py
index dc2e286702..d88a32474f 100644
--- a/decide/decide/settings.py
+++ b/decide/decide/settings.py
@@ -24,15 +24,6 @@
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True
-ALLOWED_HOSTS = ['*']
-ALLOW_CREDENTIALS = True
-
-CORS_ORIGIN_ALLOW_ALL = True
-CORS_ORIGIN_WHITELIST = (
- 'http://localhost:3000/#',
- 'http://localhost:8000/#',
-)
-CORS_ALLOW_HEADERS = ['*']
 # Application definition
 INSTALLED_APPS = [
@@ -63,6 +54,7 @@
 'base.backends.AuthBackend',
 ]
+
 MODULES = [
 'administration',
 'authentication',
@@ -194,4 +186,3 @@
 vars()[k] = v
 INSTALLED_APPS = INSTALLED_APPS + MODULES
-# added to solve CORS
diff --git a/decide/local_settings.py b/decide/local_settings.py
index 3e4d88f545..a6268921ad 100644
--- a/decide/local_settings.py
+++ b/decide/local_settings.py
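Review bot: In the second axios.ts hunk, `withCredentials: true` makes this instance send cookies to the API, but the `Axios.create` options set no CSRF cookie or header names. Axios defaults to the `XSRF-TOKEN` cookie and `X-XSRF-TOKEN` header, while Django's defaults are `csrftoken` and `X-CSRFToken`, so if the administration API authenticates by session cookie (not visible in this diff) unsafe requests will be rejected, which tends to push people towards exempting views from CSRF. Adding `xsrfCookieName: "csrftoken",` and `xsrfHeaderName: "X-CSRFToken",` keeps the check in place. `API_URL` in the hunk header is a hard-coded `http://` address, so credentials would travel in clear text anywhere but a local machine; it should come from build configuration before this client is used outside development.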
@@ -1,10 +1,18 @@
+# dev env CORS SETTINGS
+BASEURL = 'http://localhost:8000'
+FE_BASEURL = 'http://localhost:3000'
 ALLOWED_HOSTS = ['*']
-CORS_ORIGIN_ALLOW_ALL = True
+CORS_ALLOW_CREDENTIALS = True
+CORS_ORIGIN_ALLOW_ALL = False
 CORS_ORIGIN_WHITELIST = (
- 'http://localhost:3000',
+ BASEURL, FE_BASEURL
 )
+CSRF_TRUSTED_ORIGINS = [
+ BASEURL, FE_BASEURL
+]
+
 # Modules in use, commented modules that you won't use
 MODULES = [
@@ -20,7 +28,6 @@
 'voting',
 ]
-BASEURL = 'http://localhost:8000'
 APIS = {
 'administration': BASEURL,
@@ -42,14 +49,6 @@
 'CLIENT': {
 'host': '127.0.0.1',
 }
- },
- 'postgres': {
- 'ENGINE': 'django.db.backends.postgresql',
- 'NAME': 'postgres',
- 'USER': 'decide',
- 'PASSWORD': 'decide',
- 'HOST': '127.0.0.1',
- 'PORT': '5432',
 }
 }
diff --git a/requirements.txt b/requirements.txt
index 543abc4890..5286fdb340 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -2,7 +2,7 @@ django-utils==0.0.2
 Django==2.2.5
 pycryptodome==3.6.6
 djangorestframework==3.7.7
-django-cors-headers==2.1.0
+django-cors-headers==3.0.1
 requests==2.23.0
 django-filter==21.1
 psycopg2-binary==2.8.6
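Review bot: `CSRF_TRUSTED_ORIGINS` in the first local_settings.py hunk is filled with scheme-prefixed URLs, yet requirements.txt in this commit still pins `Django==2.2.5`, where that setting is compared against the Referer host and, as far as I know, is only consulted on HTTPS requests; the scheme form is the Django 4.0+ syntax. As written the list probably matches nothing, so either drop it or use the host form, e.g. `CSRF_TRUSTED_ORIGINS = ['localhost:8000', 'localhost:3000']`. Separately, `ALLOWED_HOSTS = ['*']` now sits next to `CORS_ALLOW_CREDENTIALS = True`, so the header comment would be more useful as `# dev only: ALLOWED_HOSTS = ['*'] disables Host header validation; do not reuse in production`.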