diff --git a/packages/message_server/src/api.js b/packages/message_server/src/api.js
index f0abd4f9..715fb154 100755
--- a/packages/message_server/src/api.js
+++ b/packages/message_server/src/api.js
@@ -12,7 +12,7 @@ import routes from "./routes"
 const mainAPI = axios.create({
     baseURL: process.env.MAIN_API_URL ?? "http://localhost:3010",
     headers: {
-        "server_token": `${process.env.MAIN_SERVER_ID}:${process.env.MAIN_SERVER_TOKEN}`,
+        server_token: `${process.env.MAIN_SERVER_ID}:${process.env.MAIN_SERVER_TOKEN}`,
     }
 })
 
@@ -82,7 +82,7 @@ class TextRoomServer {
 
                 if (!session.valid) {
                     console.error(`[${socket.id}] failed to validate session caused by invalid token`, session)
-                    
+
                     return next(new Error(`auth:token_invalid`))
                 }
 
diff --git a/packages/server/package.json b/packages/server/package.json
index 24e4a9a3..8e073821 100755
--- a/packages/server/package.json
+++ b/packages/server/package.json
@@ -21,7 +21,7 @@
     "formidable": "^2.1.1",
     "jimp": "^0.16.2",
     "jsonwebtoken": "^9.0.0",
-    "linebridge": "0.15.7",
+    "linebridge": "0.15.8",
     "luxon": "^3.2.1",
     "mime-types": "^2.1.35",
     "minio": "^7.0.32",
diff --git a/packages/server/src/api.js b/packages/server/src/api.js
index 9e75a55f..5ebe802c 100755
--- a/packages/server/src/api.js
+++ b/packages/server/src/api.js
@@ -35,6 +35,8 @@ export default class API {
         require("@controllers"),
         require("@middlewares"),
         {
+            "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
+            "Access-Control-Allow-Headers": "Content-Type, Authorization, Content-Length, X-Requested-With, X-Access-Token, X-Refresh-Token, server_token",
             "Access-Control-Expose-Headers": "regenerated_token",
         },
     )
@@ -44,15 +46,15 @@ export default class API {
     eventBus = global.eventBus = new EventEmitter()
 
     storage = global.storage = createStorageClientInstance()
-
+    
     jwtStrategy = global.jwtStrategy = {
         jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
-        secretOrKey: this.server.server_token,
+        secretOrKey: process.env.SERVER_TOKEN ?? "secret",
         algorithms: ["sha1", "RS256", "HS256"],
         expiresIn: process.env.signLifetime ?? "1h",
         enforceRegenerationTokenExpiration: false,
     }
-
+    
     constructor() {
         this.server.engine_instance.use(express.json())
         this.server.engine_instance.use(express.urlencoded({ extended: true }))