diff --git a/customerapi/controllers/LoginController.php b/customerapi/controllers/LoginController.php
index 71502d4..30e18b8 100644
--- a/customerapi/controllers/LoginController.php
+++ b/customerapi/controllers/LoginController.php
@@ -10,6 +10,7 @@ namespace customerapi\controllers;
 
 use customerapi\models\LoginForm;
 use sizeg\jwt\Jwt;
+use sizeg\jwt\JwtHttpBearerAuth;
 use Yii;
 use yii\rest\Controller;
 use yii\web\UnauthorizedHttpException;
@@ -19,6 +20,30 @@ use yii\web\UnauthorizedHttpException;
 class LoginController extends Controller
 {
 
+    public function behaviors()
+    {
+        $behaviors = parent::behaviors();
+
+        $behaviors['corsFilter'] = [
+              'class' => \yii\filters\Cors::className(),
+              'cors' => [
+                  // restrict access to
+                  'Origin' => ['https://botondfitness.hu'],
+                  // Allow only POST and PUT methods
+//                  'Access-Control-Request-Method' => ['POST', 'PUT'],
+                  // Allow only headers 'X-Wsse'
+//                  'Access-Control-Request-Headers' => ['X-Wsse'],
+                  // Allow credentials (cookies, authorization headers, etc.) to be exposed to the browser
+                  'Access-Control-Allow-Credentials' => true,
+                  // Allow OPTIONS caching
+//                  'Access-Control-Max-Age' => 3600,
+                  // Allow the X-Pagination-Current-Page header to be exposed to the browser.
+//                  'Access-Control-Expose-Headers' => ['X-Pagination-Current-Page'],
+              ]
+        ];
+        return $behaviors;
+    }
+
     /**
      * hash for password test is:
      * $2y$13$D2BauYE2nhCdVDNatT9BMeWGxOvi5t5V6W2OUjr6sj2FRpb317Cpq