diff --git a/api-gateway/cmd/main.go b/api-gateway/cmd/main.go
index 8b299bb..af192a1 100644
--- a/api-gateway/cmd/main.go
+++ b/api-gateway/cmd/main.go
@@ -218,6 +218,7 @@ func CORSHandler(next http.Handler) http.Handler {
 		w.Header().Set("Access-Control-Allow-Origin", "*")
 		w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")
 		w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization")
+		w.Header().Set("Access-Control-Expose-Headers", "Content-Type, Authorization")
 
 		if r.Method == http.MethodOptions {
 			w.WriteHeader(http.StatusOK)
diff --git a/frontend/src/components/AuthForm.tsx b/frontend/src/components/AuthForm.tsx
index b8aa767..4a2a0fc 100644
--- a/frontend/src/components/AuthForm.tsx
+++ b/frontend/src/components/AuthForm.tsx
@@ -28,7 +28,8 @@ const AuthForm: React.FC<{ mode: 'login' | 'register' }> = ({ mode }) => {
             });
 
             if (response.ok) {
-                const token = response.headers.get('AUTHORIZATION');
+                const token = response.headers.get('Authorization');
+
                 if (token) {
                     localStorage.setItem('token', token);
                     navigate('/');