diff --git a/internal/http/handlers/chat.go b/internal/http/handlers/chat.go
index d397f9d..05fbf67 100644
--- a/internal/http/handlers/chat.go
+++ b/internal/http/handlers/chat.go
@@ -38,6 +38,8 @@ func NewChatHandler(chatService service.ChatService, hub *ws.Hub, tokenAuth *aut
 }
 
 func (h *ChatHandler) HandleWebSocket(w http.ResponseWriter, r *http.Request) {
+	log.Printf("Incoming WebSocket headers: %+v", r.Header)
+	log.Printf("Cookies: %+v", r.Cookies())
 	requestedProtocol := r.Header.Get("Sec-WebSocket-Protocol")
 	if requestedProtocol != "" && requestedProtocol != "graphql-transport-ws" {
 		http.Error(w, "Unsupported WebSocket protocol", http.StatusBadRequest)
diff --git a/internal/http/middleware/cors.go b/internal/http/middleware/cors.go
index 804ee76..09ba12a 100644
--- a/internal/http/middleware/cors.go
+++ b/internal/http/middleware/cors.go
@@ -8,12 +8,17 @@ import (
 func CORS(allowedOrigins []string) func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			origin := r.Header.Get("Origin")
+			// Особые правила для WebSocket
 			if r.Header.Get("Upgrade") == "websocket" {
+				w.Header().Set("Access-Control-Allow-Origin", "*")
+				w.Header().Set("Access-Control-Allow-Credentials", "true")
+				w.Header().Set("Access-Control-Allow-Headers", "*")
 				next.ServeHTTP(w, r)
 				return
 			}
-			// Проверяем, разрешен ли источник
+
+			// Стандартная CORS логика для других запросов
+			origin := r.Header.Get("Origin")
 			if isOriginAllowed(origin, allowedOrigins) {
 				w.Header().Set("Access-Control-Allow-Origin", origin)
 				w.Header().Set("Access-Control-Allow-Credentials", "true")
@@ -23,7 +28,6 @@ func CORS(allowedOrigins []string) func(http.Handler) http.Handler {
 					"GET, POST, PUT, DELETE, OPTIONS")
 			}
 
-			// Обрабатываем предварительные OPTIONS-запросы
 			if r.Method == "OPTIONS" {
 				w.WriteHeader(http.StatusNoContent)
 				return