diff --git a/src/main/java/dev/coph/flightscore/backend/Backend.java b/src/main/java/dev/coph/flightscore/backend/Backend.java
index 415f767..7ce8927 100644
--- a/src/main/java/dev/coph/flightscore/backend/Backend.java
+++ b/src/main/java/dev/coph/flightscore/backend/Backend.java
@@ -93,6 +93,10 @@ public class Backend {
         providerManager.enableAllProviders();
         logger.success("Providers enabled!");
 
+        logger.info("Configuring web server...");
+        webServer.addAllowedOrigin("http://localhost:3000");
+        logger.success("Web server configured!");
+
         logger.info("Starting web server...");
         webServer.start();
         logger.success("Web server started!");
diff --git a/src/main/java/dev/coph/flightscore/backend/requestHandler/auth/LoginRequestHandler.java b/src/main/java/dev/coph/flightscore/backend/requestHandler/auth/LoginRequestHandler.java
index ab3a83a..3e483d6 100644
--- a/src/main/java/dev/coph/flightscore/backend/requestHandler/auth/LoginRequestHandler.java
+++ b/src/main/java/dev/coph/flightscore/backend/requestHandler/auth/LoginRequestHandler.java
@@ -8,6 +8,7 @@ import dev.coph.simplerequest.handler.RequestHandler;
 import dev.coph.simplerequest.handler.RequestMethod;
 import dev.coph.simplerequest.util.ResponseUtil;
 import lombok.extern.slf4j.Slf4j;
+import org.eclipse.jetty.http.HttpCookie;
 import org.eclipse.jetty.http.HttpStatus;
 import org.eclipse.jetty.server.Response;
 import org.eclipse.jetty.util.Callback;
@@ -60,8 +61,7 @@ public class LoginRequestHandler {
         var responseObject = new JSONObject();
 
         responseObject.put("accessToken", loginResponse.accessToken());
-        responseObject.put("refreshToken", loginResponse.refreshToken());
-
+        Response.addCookie(response, HttpCookie.build("refreshToken", loginResponse.refreshToken()).httpOnly(true).build());
         ResponseUtil.writeSuccessfulAnswer(response, callback, responseObject);
     }
 }