diff --git a/backend/src/main/java/hu/pazmany/controller/Controller.java b/backend/src/main/java/hu/pazmany/controller/Controller.java
index b6f13e6693fa6b628d104ffadcf1e6ee0a28f1ae..fe0492202616470b655a87c9a4a079bb911f7a09 100644
--- a/backend/src/main/java/hu/pazmany/controller/Controller.java
+++ b/backend/src/main/java/hu/pazmany/controller/Controller.java
@@ -17,7 +17,6 @@ import java.util.Optional;
 
 @RestController
 @RequestMapping("/api")
-@CrossOrigin(origins = "https://vau-vau.web.app/")
 public class Controller {
 	private final DogService dogService;
 	private final UserService userService;
@@ -48,7 +47,7 @@ public class Controller {
 
 	@PostMapping("/newdog")
 	public ResponseEntity<?> addNewDog(@RequestBody DetailedDogDTO dto, @RequestHeader("Authorization") String token) {
-		if(isValidToken(token)) return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+		if(!isValidToken(token)) return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
 
 		dogService.addNewDog(dto);
 		return ResponseEntity.status(HttpStatus.CREATED).build();
@@ -57,7 +56,7 @@ public class Controller {
 
 	@PostMapping("/dogs/{id}/edit")
 	public ResponseEntity<?> editDog(@PathVariable Integer id, @RequestBody DetailedDogDTO dto, @RequestHeader("Authorization") String token) {
-		if (isValidToken(token)) return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+		if (!isValidToken(token)) return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
 		// Retrieve the dog entity from the database
 		Optional<DetailedDogDTO> optionalDog = dogService.get(id);
 		if (optionalDog.isPresent()) {
@@ -73,7 +72,7 @@ public class Controller {
 
 	@DeleteMapping("/dogs/{id}")
 	public ResponseEntity<?> deleteDog(@PathVariable Integer id, @RequestHeader("Authorization") String token) {
-		if (isValidToken(token)) return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+		if (!isValidToken(token)) return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
 
 		dogService.deleteDog(id);
 		return ResponseEntity.ok().build();
diff --git a/backend/src/main/java/hu/pazmany/dto/UserDTO.java b/backend/src/main/java/hu/pazmany/dto/UserDTO.java
index 5245b4575a07cfc65dd1f10908ac2b36d8224c1e..56f0dd4e8e31338a15eb1d1abe0de62686c6ef19 100644
--- a/backend/src/main/java/hu/pazmany/dto/UserDTO.java
+++ b/backend/src/main/java/hu/pazmany/dto/UserDTO.java
@@ -1,11 +1,11 @@
 package hu.pazmany.dto;
 
-import jakarta.validation.constraints.Min;
+import jakarta.validation.constraints.Size;
 
 public class UserDTO {
-    @Min(value = 5, message = "Username must be at least 5 characters long")
+    @Size(min = 5, message = "Username must be at least 5 characters long")
     private String username;
-    @Min(value = 5, message = "Password must be at least 5 characters long")
+    @Size(min = 5, message = "Password must be at least 5 characters long")
     private String password;
     private String token;
 
diff --git a/backend/src/main/java/hu/pazmany/security/CorsConfig.java b/backend/src/main/java/hu/pazmany/security/CorsConfig.java
new file mode 100644
index 0000000000000000000000000000000000000000..a209b94e9c9da93176d0606746bcfac99036f4a9
--- /dev/null
+++ b/backend/src/main/java/hu/pazmany/security/CorsConfig.java
@@ -0,0 +1,16 @@
+package hu.pazmany.security;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+public class CorsConfig implements WebMvcConfigurer {
+
+    @Override
+    public void addCorsMappings(CorsRegistry registry) {
+        registry.addMapping("/**")
+                .allowedOrigins("https://vau-vau.web.app/", "http://localhost:3000", "http://localhost:3001", "http://localhost:3002", "http://localhost:8080")
+                .allowedMethods("*");
+    }
+}
\ No newline at end of file