diff --git a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/config/security/JwtFilters.kt b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/config/security/JwtFilters.kt
index 16523e8..d5b5023 100644
--- a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/config/security/JwtFilters.kt
+++ b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/config/security/JwtFilters.kt
@@ -53,6 +53,7 @@ class JwtAuthenticationFilter(
 val userDetails = auth.principal as UserDetails
 val token = jwtService.buildJwt(userDetails)
+ response.addHeader("Access-Control-Expose-Headers", authorizationCookieName)
 response.addHeader(authorizationCookieName, "Bearer $token")
 response.addCookie(authorizationCookieName, "Bearer$token") {
 httpOnly = true
diff --git a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/config/security/SecurityConfig.kt b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/config/security/SecurityConfig.kt
index 7272775..ec68d49 100644
--- a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/config/security/SecurityConfig.kt
+++ b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/config/security/SecurityConfig.kt
@@ -89,8 +89,9 @@ abstract class BaseSecurityConfig(
 .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
 .and()
 .authorizeRequests()
+ .antMatchers("/api/config/**").permitAll() // Allow access to logo and icon
+ .antMatchers("/api/login").permitAll() // Allow access to login
 .antMatchers("**").fullyAuthenticated()
- .antMatchers("/api/login").permitAll()
 if (debugMode) {
 http
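Review bot: The added `Access-Control-Expose-Headers` line in JwtAuthenticationFilter makes the `Bearer $token` response header readable by cross-origin script, while the same token is also set as an `httpOnly` cookie two lines below, so the cookie flag no longer keeps the token away from page JavaScript. If the front end authenticates with the cookie, consider dropping the header copy of the token instead of exposing it; if it truly needs the header, say so in a comment such as `// Token is intentionally script-readable; the httpOnly cookie is the fallback for same-site requests`. Setting the header by hand here can also diverge from whatever the CORS configuration emits (not visible in this hunk), so declaring it once through `CorsConfiguration.addExposedHeader(authorizationCookieName)` would keep the policy in one place. The enclosing method starts before the hunk and the `addCookie` block runs past it.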
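Review bot: The new `.antMatchers("/api/config/**").permitAll()` rule in BaseSecurityConfig opens every path and every HTTP method under `/api/config/` to unauthenticated callers, which is wider than the "logo and icon" the comment describes. Unless method-level checks elsewhere (not visible here) still guard the rest, any configuration read or write endpoint under that prefix becomes anonymous. I would narrow the rule to the read-only resources that are meant to be public, for example `.antMatchers(HttpMethod.GET, "<logo path>", "<icon path>").permitAll()` with the project's real paths filled in. Moving the `permitAll()` rules ahead of the `"**"` catch-all is right, since the first matching rule wins; a short comment stating that ordering requirement would stop it regressing. The builder chain begins before the hunk and continues after it.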