diff --git a/src/api/auth/index.ts b/src/api/auth/index.ts
index 3023f3c..270071a 100644
--- a/src/api/auth/index.ts
+++ b/src/api/auth/index.ts
@@ -28,6 +28,13 @@ export const auth = betterAuth({
     modelName: "session",
   },
 
+  advanced: {
+    useSecureCookies: true, // Must be true for production (HTTPS)
+    crossSubDomainCookies: {
+      enabled: false, // Not subdomains, different domains entirely
+    },
+  },
+
   emailAndPassword: {
     enabled: true,
   },
diff --git a/src/index.ts b/src/index.ts
index f77e496..d007e13 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -14,6 +14,9 @@ const app = new Elysia()
           o.trim(),
         ) || "*",
       credentials: true,
+      allowedHeaders: ["Content-Type", "Authorization", "Cookie"],
+      exposeHeaders: ["Set-Cookie"],
+      methods: ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"],
     }),
   )