diff --git a/src/main/java/de/tinf22b6/dhbwhub/config/WebConfig.java b/src/main/java/de/tinf22b6/dhbwhub/config/WebConfig.java
index b4e49560..8a3e09f5 100644
--- a/src/main/java/de/tinf22b6/dhbwhub/config/WebConfig.java
+++ b/src/main/java/de/tinf22b6/dhbwhub/config/WebConfig.java
@@ -13,7 +13,7 @@ public void addCorsMappings(CorsRegistry registry) {
 registry.addMapping("/**")
 .allowedOrigins("http://localhost:3000", "https://www.dhbwhub.de")
 .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
- //.allowedHeaders("Content-Type", "Authorization", "Access-Control-Allow-Origin", "Accept")
+ .allowedHeaders("Content-Type", "Authorization", "Accept")
 .allowCredentials(true);
 }
 }
diff --git a/src/main/java/de/tinf22b6/dhbwhub/controller/AccountController.java b/src/main/java/de/tinf22b6/dhbwhub/controller/AccountController.java
index 71a5fd91..6d74cd6b 100644
--- a/src/main/java/de/tinf22b6/dhbwhub/controller/AccountController.java
+++ b/src/main/java/de/tinf22b6/dhbwhub/controller/AccountController.java
@@ -10,7 +10,6 @@ import java.util.List;
 @RestController
-@CrossOrigin(origins = {"https://www.dhbwhub.de", "http://localhost:3000"})
 @RequestMapping(value = "/account")
 public class AccountController {
 private final AccountService service;
diff --git a/src/main/java/de/tinf22b6/dhbwhub/controller/AdministratorController.java b/src/main/java/de/tinf22b6/dhbwhub/controller/AdministratorController.java
index 305868df..76e8ae9d 100644
--- a/src/main/java/de/tinf22b6/dhbwhub/controller/AdministratorController.java
+++ b/src/main/java/de/tinf22b6/dhbwhub/controller/AdministratorController.java
@@ -10,7 +10,6 @@ import java.util.List;
 @RestController
-@CrossOrigin(origins = {"https://www.dhbwhub.de", "http://localhost:3000"})
 @RequestMapping(value = "/administrator")
 public class AdministratorController {
 private final AdministratorService service;
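Review bot: `http://localhost:3000` remains in `allowedOrigins` next to `allowCredentials(true)` on the `/**` mapping, so in the production build anything served from port 3000 on a user's machine (a stray dev server, a malicious local app) can issue credentialed cross-origin calls to every endpoint, and the plain-http origin carries those credentials unencrypted. Since this commit drops the per-controller `@CrossOrigin` lists, this mapping is now the single place that decides CORS policy, which makes the dev origin more consequential than before. I'd move the list into configuration, e.g. `@Value("${app.cors.allowed-origins}") private String[] allowedOrigins;` and `.allowedOrigins(allowedOrigins)`, with localhost only present in the dev profile, and note in a comment that credentials are deliberately enabled. The `addCorsMappings` signature sits in the hunk's context text, i.e. just outside the hunk.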
diff --git a/src/main/java/de/tinf22b6/dhbwhub/controller/AuthController.java b/src/main/java/de/tinf22b6/dhbwhub/controller/AuthController.java
index dae23a7b..9647c660 100644
--- a/src/main/java/de/tinf22b6/dhbwhub/controller/AuthController.java
+++ b/src/main/java/de/tinf22b6/dhbwhub/controller/AuthController.java
@@ -31,7 +31,6 @@ import java.util.stream.Collectors;
 @RestController
-@CrossOrigin(origins = {"https://www.dhbwhub.de", "http://localhost:3000"})
 @RequestMapping("/api/auth")
 @RequiredArgsConstructor
 public class AuthController {
diff --git a/src/main/java/de/tinf22b6/dhbwhub/controller/CommentController.java b/src/main/java/de/tinf22b6/dhbwhub/controller/CommentController.java
index b4514975..c17edbbf 100644
--- a/src/main/java/de/tinf22b6/dhbwhub/controller/CommentController.java
+++ b/src/main/java/de/tinf22b6/dhbwhub/controller/CommentController.java
@@ -14,7 +14,6 @@ import java.util.List;
 @RestController
-@CrossOrigin(origins = {"https://www.dhbwhub.de", "http://localhost:3000"})
 @RequestMapping(value = "/comment")
 public class CommentController {
 private final CommentService service;
diff --git a/src/main/java/de/tinf22b6/dhbwhub/controller/CourseController.java b/src/main/java/de/tinf22b6/dhbwhub/controller/CourseController.java
index 739ea2b7..f05dc036 100644
--- a/src/main/java/de/tinf22b6/dhbwhub/controller/CourseController.java
+++ b/src/main/java/de/tinf22b6/dhbwhub/controller/CourseController.java
@@ -10,7 +10,6 @@ import java.util.List;
 @RestController
-@CrossOrigin(origins = {"https://www.dhbwhub.de", "http://localhost:3000"})
 @RequestMapping(value = "/course")
 public class CourseController {
 private final CourseService service;
diff --git a/src/main/java/de/tinf22b6/dhbwhub/controller/EventController.java b/src/main/java/de/tinf22b6/dhbwhub/controller/EventController.java
index 197c6aed..13b14968 100644
--- a/src/main/java/de/tinf22b6/dhbwhub/controller/EventController.java
+++ b/src/main/java/de/tinf22b6/dhbwhub/controller/EventController.java
@@ -9,7 +9,6 @@ import java.util.List;
 @RestController
-@CrossOrigin(origins = {"https://www.dhbwhub.de", "http://localhost:3000"})
 @RequestMapping(value = "/event")
 public class EventController {
 private final EventService service;
diff --git a/src/main/java/de/tinf22b6/dhbwhub/controller/FacultyController.java b/src/main/java/de/tinf22b6/dhbwhub/controller/FacultyController.java
index 00b3e3d4..df984ae2 100644
--- a/src/main/java/de/tinf22b6/dhbwhub/controller/FacultyController.java
+++ b/src/main/java/de/tinf22b6/dhbwhub/controller/FacultyController.java
@@ -10,7 +10,6 @@ import java.util.List;
 @RestController
-@CrossOrigin(origins = {"https://www.dhbwhub.de", "http://localhost:3000"})
 @RequestMapping(value = "/faculty")
 public class FacultyController {
 private final FacultyService service;
diff --git a/src/main/java/de/tinf22b6/dhbwhub/controller/FriendshipController.java b/src/main/java/de/tinf22b6/dhbwhub/controller/FriendshipController.java
index 536d75f4..a17492c0 100644
--- a/src/main/java/de/tinf22b6/dhbwhub/controller/FriendshipController.java
+++ b/src/main/java/de/tinf22b6/dhbwhub/controller/FriendshipController.java
@@ -10,7 +10,6 @@ import java.util.List;
 @RestController
-@CrossOrigin(origins = {"https://www.dhbwhub.de", "http://localhost:3000"})
 @RequestMapping(value = "/friendship")
 public class FriendshipController {
 private final FriendshipService service;
diff --git a/src/main/java/de/tinf22b6/dhbwhub/controller/NotificationController.java b/src/main/java/de/tinf22b6/dhbwhub/controller/NotificationController.java
index 856bb991..0c2b268c 100644
--- a/src/main/java/de/tinf22b6/dhbwhub/controller/NotificationController.java
+++ b/src/main/java/de/tinf22b6/dhbwhub/controller/NotificationController.java
@@ -9,7 +9,6 @@ import java.util.List;
 @RestController
-@CrossOrigin(origins = {"https://www.dhbwhub.de", "http://localhost:3000"})
 @RequestMapping(value = "/notification")
 public class NotificationController {
 private final NotificationService service;
diff --git a/src/main/java/de/tinf22b6/dhbwhub/controller/PictureController.java b/src/main/java/de/tinf22b6/dhbwhub/controller/PictureController.java
index d2820ca0..687c337b 100644
--- a/src/main/java/de/tinf22b6/dhbwhub/controller/PictureController.java
+++ b/src/main/java/de/tinf22b6/dhbwhub/controller/PictureController.java
@@ -10,7 +10,6 @@ import java.util.List;
 @RestController
-@CrossOrigin(origins = {"https://www.dhbwhub.de", "http://localhost:3000"})
 @RequestMapping(value = "/picture")
 public class PictureController {
 private final PictureService service;
diff --git a/src/main/java/de/tinf22b6/dhbwhub/controller/PostController.java b/src/main/java/de/tinf22b6/dhbwhub/controller/PostController.java
index 46b8f21d..50c5d625 100644
--- a/src/main/java/de/tinf22b6/dhbwhub/controller/PostController.java
+++ b/src/main/java/de/tinf22b6/dhbwhub/controller/PostController.java
@@ -11,7 +11,6 @@ import java.util.List;
 @RestController
-@CrossOrigin(origins = {"https://www.dhbwhub.de", "http://localhost:3000"})
 @RequestMapping(value = "/post")
 public class PostController {
 private final PostService service;
diff --git a/src/main/java/de/tinf22b6/dhbwhub/controller/SavedPostController.java b/src/main/java/de/tinf22b6/dhbwhub/controller/SavedPostController.java
index f33153c5..2d30e05b 100644
--- a/src/main/java/de/tinf22b6/dhbwhub/controller/SavedPostController.java
+++ b/src/main/java/de/tinf22b6/dhbwhub/controller/SavedPostController.java
@@ -11,7 +11,6 @@ import java.util.List;
 @RestController
-@CrossOrigin(origins = {"https://www.dhbwhub.de", "http://localhost:3000"})
 @RequestMapping(value = "/saved-post")
 public class SavedPostController {
 private final SavedPostService service;
diff --git a/src/main/java/de/tinf22b6/dhbwhub/controller/UserController.java b/src/main/java/de/tinf22b6/dhbwhub/controller/UserController.java
index 9c44dba2..16508414 100644
--- a/src/main/java/de/tinf22b6/dhbwhub/controller/UserController.java
+++ b/src/main/java/de/tinf22b6/dhbwhub/controller/UserController.java
@@ -11,7 +11,6 @@ import java.util.List;
 @RestController
-@CrossOrigin(origins = {"https://www.dhbwhub.de", "http://localhost:3000"})
 @RequestMapping(value = "/user")
 public class UserController {
 private final UserService service;
diff --git a/src/main/java/de/tinf22b6/dhbwhub/security/WebSecurityConfig.java b/src/main/java/de/tinf22b6/dhbwhub/security/WebSecurityConfig.java
index 9b855752..6bc8c08f 100644
--- a/src/main/java/de/tinf22b6/dhbwhub/security/WebSecurityConfig.java
+++ b/src/main/java/de/tinf22b6/dhbwhub/security/WebSecurityConfig.java
@@ -7,6 +7,7 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -71,15 +72,15 @@ public PasswordEncoder passwordEncoder() {
 @Bean
 public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
- http.csrf(AbstractHttpConfigurer::disable) // TODO: CodeQL doesn't like that
+ http.csrf(AbstractHttpConfigurer::disable)
+ // CSRF protection is disabled as this is a stateless API. The application uses token-based authentication, making CSRF less relevant.
 .authorizeHttpRequests(authorizeRequests -> authorizeRequests.requestMatchers(PUBLIC_ENDPOINTS).permitAll()
 .anyRequest().authenticated()
 ).exceptionHandling(exceptionHandling -> exceptionHandling.authenticationEntryPoint(unauthorizedHandler))
- .addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
+ .addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class)
+ .cors(Customizer.withDefaults());
 return http.build();
 }
-
 }
-
diff --git a/src/main/web/src/config/config.ts b/src/main/web/src/config/config.ts
index 156363c2..6a090af1 100644
--- a/src/main/web/src/config/config.ts
+++ b/src/main/web/src/config/config.ts
@@ -3,10 +3,9 @@ const config = {
 apiUrl: 'https://56e66ce8-2ac2-4635-982a-f19f20896303.ka.bw-cloud-instance.org:8443/',
 googleClientId: '973066251162-r60h517iddja3k756d2f6n8sng5nn24q.apps.googleusercontent.com',
 tooltipMessage: "Please sign up or log in to use this feature",
- adsOn: true,
+ adsOn: false,
 headers: {
 'Content-Type': 'application/json',
- 'Access-Control-Allow-Origin': '*',
 'Accept': 'application/json'
 }
 };
diff --git a/src/main/web/src/services/LikeService.tsx b/src/main/web/src/services/LikeService.tsx
index f0d1d75f..3bcafeaf 100644
--- a/src/main/web/src/services/LikeService.tsx
+++ b/src/main/web/src/services/LikeService.tsx
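Review bot: The new comment on `http.csrf(AbstractHttpConfigurer::disable)` justifies the exemption with "this is a stateless API", but nothing in this hunk enforces that: the chain has no `sessionManagement` policy, and the CORS mapping added in the same commit sets `allowCredentials(true)`, so browsers will attach cookies to API calls and any session or auth cookie the server ever issues would re-open CSRF. Unless it is already configured elsewhere in the class (not visible here), I'd add `.sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))` to the chain (needs `import org.springframework.security.config.http.SessionCreationPolicy;`) so the comment's claim is guaranteed rather than assumed. I'd also shorten the comment to state the actual precondition, e.g. `// CSRF disabled: session is STATELESS and auth is a bearer JWT in the Authorization header, which a cross-site form cannot set.` The `securityFilterChain` method is fully inside the hunk; the class's closing brace is as well.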
@@ -24,7 +24,7 @@ const handleLike = async (
 localStorage.setItem(`liked_${postId}`, 'true');
 await fetch(config.apiUrl + `post/increase-likes`, {
- method: 'POST',
+ method: 'PUT',
 headers: headersWithJwt,
 body: JSON.stringify({
 userId: userId,
@@ -38,7 +38,7 @@ const handleLike = async (
 localStorage.removeItem(`liked_${postId}`);
 await fetch(config.apiUrl + `post/decrease-likes`, {
- method: 'POST',
+ method: 'PUT',
 headers: headersWithJwt,
 body: JSON.stringify({
 userId: userId,
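Review bot: The `localStorage.setItem` for the liked_<postId> key runs before the `await fetch(...)` and the response is never inspected, so a rejected `PUT` (401 on an expired token, 4xx/5xx, network failure) leaves the client believing the like was recorded and the next click sends a decrease for a like the server never counted; the `decrease-likes` hunk below has the same shape. I'd capture the response, `const res = await fetch(...)`, and only touch `localStorage` after `if (!res.ok) throw new Error('like failed: ' + res.status);`. Two further things I can't confirm from the hunk: the body still sends `userId` alongside the JWT, so the server should derive the user from the token rather than trust the body, and `PUT` is specified as idempotent, which a counter increment only is if the server dedups per (user, post). `handleLike` starts before this hunk and continues past it.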