diff --git a/src/main/kotlin/io/openfuture/openmessenger/configuration/SecurityConfig.kt b/src/main/kotlin/io/openfuture/openmessenger/configuration/SecurityConfig.kt
index 7223597..f93f2d7 100644
--- a/src/main/kotlin/io/openfuture/openmessenger/configuration/SecurityConfig.kt
+++ b/src/main/kotlin/io/openfuture/openmessenger/configuration/SecurityConfig.kt
@@ -2,7 +2,6 @@ package io.openfuture.openmessenger.configuration
 import io.openfuture.openmessenger.security.AwsCognitoTokenFilter
 import io.openfuture.openmessenger.security.CognitoAuthenticationProvider
-import jakarta.servlet.http.HttpServletRequest
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import org.springframework.security.config.Customizer
@@ -14,9 +13,6 @@ import org.springframework.security.config.annotation.web.configurers.SessionMan
 import org.springframework.security.config.http.SessionCreationPolicy
 import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
-import org.springframework.web.cors.CorsConfiguration
-import org.springframework.web.cors.CorsConfigurationSource
-import org.springframework.web.cors.UrlBasedCorsConfigurationSource
 @Configuration
 @EnableWebSecurity
@@ -54,10 +50,9 @@ class SecurityConfig(
 "/api/v1/public/login",
 "/api/v1/public/signup",
 "/api/v1/attachments/download/**",
- listOf("/*", "/webjars/**", "/js/*", "/img/*", "/css/*", "/video/*")
+ listOf("/*", "/webjars/**", "/js/*", "/img/*", "/css/*", "/video/*"),
 "/api/v1/refreshToken",
- "/api/v1/wallets/webhook",
- "/api/v1/attachments/download/**"
+ "/api/v1/wallets/webhook"
 ),
 UsernamePasswordAuthenticationFilter::class.java
 )
diff --git a/src/main/kotlin/io/openfuture/openmessenger/security/AwsCognitoTokenFilter.kt b/src/main/kotlin/io/openfuture/openmessenger/security/AwsCognitoTokenFilter.kt
index de2cbba..a695df8 100644
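Review bot: The argument list in the third hunk of SecurityConfig.kt passes several same-typed strings positionally, so a missing comma or a swapped value silently changes which paths skip token authentication. That is the kind of mistake this hunk repairs. Naming the trailing arguments would make the mapping checkable at the call site, e.g. `allowedPages = listOf(...)`, `refreshTokenUrl = "/api/v1/refreshToken"`, `webhookUrl = "/api/v1/wallets/webhook"`, assuming this is the AwsCognitoTokenFilter constructor whose parameter names appear in the other file. The `"/*"` entry also looks broad: if these are Ant-style patterns it matches every single-segment path at the root, so a comment such as `// "/*" is for top-level static pages only; API routes must stay under /api/` would record the intent. The call starts above the hunk, so earlier arguments are not visible here.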
--- a/src/main/kotlin/io/openfuture/openmessenger/security/AwsCognitoTokenFilter.kt
+++ b/src/main/kotlin/io/openfuture/openmessenger/security/AwsCognitoTokenFilter.kt
@@ -25,9 +25,8 @@ class AwsCognitoTokenFilter(
 allowedPages: List,
 refreshTokenUrl: String?,
 webhookUrl: String?,
- attachmentDownloadUrl: String?
 ) : AbstractAuthenticationProcessingFilter(defaultFilterProcessesUrl) {
- companion object{
+ companion object {
 private val log = LoggerFactory.getLogger(AwsCognitoTokenFilter::class.java)
 }
@@ -47,6 +46,8 @@ class AwsCognitoTokenFilter(
 return !loginRequestMatcher.matches(request) &&
 !signupRequestMatcher.matches(request) &&
 !attachmentDownloadRequestMatcher.matches(request) &&
+ !refreshTokenRequestMatcher.matches(request) &&
+ !webhookRequestMatcher.matches(request) &&
 allowedPagesRequestMatchers.all { !it.matches(request) }
 }
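Review bot: The exemption predicate in the second hunk is maintained by hand, one `!xRequestMatcher.matches(request) &&` line per matcher, and the two added lines show how easily an existing matcher can be left out of it. Collecting the matchers into one list and writing `return publicMatchers.none { it.matches(request) }` would keep construction and exemption in one place (`publicMatchers` is a proposed name, not one in the file). Requests matching the refresh-token and webhook matchers, presumably built from `refreshTokenUrl` and `webhookUrl`, now skip Cognito token processing. The visible lines do not show how the webhook handler authenticates its caller, so a comment above the `return` would record that assumption: `// Paths matched here bypass Cognito token authentication; the webhook handler must verify the sender itself`. The function's signature is outside the hunk.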