diff --git a/app/controllers/messages_controller.rb b/app/controllers/messages_controller.rb
index 6cb320f..9e0964e 100644
--- a/app/controllers/messages_controller.rb
+++ b/app/controllers/messages_controller.rb
@@ -1,4 +1,5 @@
 class MessagesController < ApplicationController
+ before_action :authenticate_admin!, only: %i[ index show update destroy ]
 before_action :set_message, only: %i[ show update destroy ]
 # GET /messages
diff --git a/app/controllers/reservations_controller.rb b/app/controllers/reservations_controller.rb
index 4d96fee..ed0791c 100644
--- a/app/controllers/reservations_controller.rb
+++ b/app/controllers/reservations_controller.rb
@@ -1,4 +1,5 @@
 class ReservationsController < ApplicationController
+ before_action :authenticate_admin!, only: %i[ index show update destroy ]
 before_action :set_reservation, only: %i[ show update destroy ]
 # GET /reservations
diff --git a/config/initializers/cors.rb b/config/initializers/cors.rb
index 318406b..ad78e04 100644
--- a/config/initializers/cors.rb
+++ b/config/initializers/cors.rb
@@ -11,7 +11,7 @@
 resource "*",
 headers: :any,
- expose: [ "Access-Token", "Uid", "Client" ],
+ expose: [ "authorization" ],
 methods: [ :get, :post, :put, :patch, :delete, :options, :head ]
 end
 end
diff --git a/config/initializers/devise_token_auth.rb b/config/initializers/devise_token_auth.rb
index b6ed825..fa8bdcf 100644
--- a/config/initializers/devise_token_auth.rb
+++ b/config/initializers/devise_token_auth.rb
@@ -5,7 +5,7 @@
 # client is responsible for keeping track of the changing tokens. Change
 # this to false to prevent the Authorization header from changing after
 # each request.
- # config.change_headers_on_each_request = true
+ config.change_headers_on_each_request = false
 # By default, users will need to re-authenticate after 2 weeks. This setting
 # determines how long tokens will remain valid after they are issued.
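Review bot: The new `before_action :authenticate_admin!, only: %i[ index show update destroy ]` in messages_controller.rb is an allowlist, so it fails open: `create` and any action added to the controller later run without authentication unless someone extends the list. Inverting it to `before_action :authenticate_admin!, except: %i[ create ]` protects the same four actions today and covers new ones by default. If `create` is meant to stay public, a one-line comment saying so would make that a visible decision; whether it is throttled cannot be seen from this diff. The identical line added to reservations_controller.rb has the same issue, and both class bodies continue outside their hunks.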
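Review bot: Exposing `authorization` in config/initializers/cors.rb lets scripts on every allowed origin read the bearer token from responses, and the `origins` line that decides who that is sits outside this hunk. With `resource "*"`, `headers: :any` and every method allowed, it is worth confirming that `origins` is pinned to the frontend's own origin rather than a wildcard. I would also add a comment above the option, e.g. `# Token header is readable by every origin allowed above; keep origins restricted.` The enclosing block starts outside the hunk.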
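Review bot: Setting `config.change_headers_on_each_request = false` in devise_token_auth.rb turns off per-request token rotation, so a token that leaks stays replayable until it expires, which the context comment puts at 2 weeks by default. If rotation is disabled to simplify the client, consider pairing it with a shorter lifetime, for example `config.token_lifespan = 1.day`, and a comment such as `# Rotation off: tokens are static for their whole lifespan, keep it short.` The lifespan setting itself is outside the hunk, so its current value should be checked. The setup block starts and ends outside the hunk.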