diff --git a/src/main/java/io/oopy/coding/common/config/security/SecurityConfig.java b/src/main/java/io/oopy/coding/common/config/security/SecurityConfig.java
index 994b1fe..05c7224 100644
--- a/src/main/java/io/oopy/coding/common/config/security/SecurityConfig.java
+++ b/src/main/java/io/oopy/coding/common/config/security/SecurityConfig.java
@@ -64,7 +64,7 @@ public AuthenticationEntryPoint authenticationEntryPoint() {
 public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
 httpSecurity.csrf(AbstractHttpConfigurer::disable)
 .httpBasic(AbstractHttpConfigurer::disable)
- .cors((cors) -> cors.configurationSource(corsConfigurationSource()))
+ .cors(httpSecurityCorsConfigurer -> corsConfigurationSource())
 .formLogin(AbstractHttpConfigurer::disable)
 .logout(AbstractHttpConfigurer::disable)
 .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
@@ -97,7 +97,7 @@ CorsConfigurationSource corsConfigurationSource() {
 configuration.setAllowedMethods(List.of("GET", "POST", "OPTIONS", "PUT", "PATCH", "DELETE"));
 configuration.setAllowedHeaders(List.of("*"));
 configuration.setMaxAge(3600L);
- configuration.setExposedHeaders(List.of(SET_COOKIE, AUTHORIZATION, AuthConstants.REFRESH_TOKEN.getValue()));
+ configuration.setExposedHeaders(List.of(SET_COOKIE, "accessToken", AuthConstants.REFRESH_TOKEN.getValue()));
 configuration.setAllowCredentials(true);
 UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
 source.registerCorsConfiguration("/**", configuration);
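Review bot: The new lambda in `.cors(...)` of the first hunk calls `corsConfigurationSource()` and discards the result, so nothing is set on the `CorsConfigurer` it receives. CORS handling then depends on Spring Security locating a bean named `corsConfigurationSource` by itself; whether that method carries `@Bean` is not visible in this diff, and if it does not, the policy built there is not the one applied. Either keep the explicit wiring, `.cors(cors -> cors.configurationSource(corsConfigurationSource()))`, or make the reliance on the bean lookup explicit with `.cors(Customizer.withDefaults())`. The `filterChain` body continues past the end of the hunk.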
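Review bot: The `"accessToken"` literal passed to `setExposedHeaders` in the second hunk is the only entry not taken from a shared constant, so it has to be kept in step by hand with whatever code writes that response header (not visible here); if the names drift apart the browser just hides the header from scripts and nothing fails loudly. Defining the name next to `REFRESH_TOKEN` in `AuthConstants` and referencing it here would tie the two sides together. Because `setAllowCredentials(true)` follows, every origin this configuration accepts can read both token headers from script, so the allowed-origin setting above the hunk should be an explicit list rather than a broad pattern. `SET_COOKIE` in this list has no effect, since browsers never expose `Set-Cookie` to scripts.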