diff --git a/docker/snippets/app.conf b/docker/snippets/app.conf
index 19a08454f..82d6b6036 100644
--- a/docker/snippets/app.conf
+++ b/docker/snippets/app.conf
@@ -1,7 +1,6 @@
 
 location / {
   send_timeout 10m;
-  include snippets/cors.conf;
 
   client_max_body_size 100M;
 
diff --git a/docker/snippets/cors.conf b/docker/snippets/cors.conf
deleted file mode 100644
index 06d5defa9..000000000
--- a/docker/snippets/cors.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-# cleanup received headers from passenger app (requires libnginx-mod-http-headers-more-filter)
-# more_clear_headers 'Access-Control-*';
-
-if ($request_method = 'OPTIONS') {
-  add_header 'Access-Control-Allow-Origin' '*' always;
-  add_header 'Access-Control-Allow-Methods' 'DELETE, GET, HEAD, PATCH, POST, PUT' always;
-  add_header 'Access-Control-Allow-Credentials' 'true' always;
-  add_header 'Access-Control-Expose-Headers' 'Cache-Control, Content-Encoding, Content-Type' always;
-  add_header 'Access-Control-Allow-Headers' 'DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Origin, Content-Encoding, Content-Type, Accept, Authorization' always;
-  add_header 'Access-Control-Max-Age' 1728000 always;
-  add_header 'Content-Type' 'text/plain' always;
-  add_header 'Content-Length' '0' always;
-
-  return 204;
-}
-
-add_header 'Access-Control-Allow-Origin' '*' always;
-add_header 'Access-Control-Allow-Credentials' 'true' always;
-add_header 'Access-Control-Expose-Headers' 'Cache-Control, Content-Encoding, Content-Type' always;
diff --git a/server.ru b/server.ru
index 6e622d0be..e1539f352 100644
--- a/server.ru
+++ b/server.ru
@@ -21,7 +21,12 @@ require './environment'
 use Rack::Cors do
   allow do
     origins '*'
-    resource '*', headers: :any, methods: :any
+    resource '*',
+      headers: :any,
+      methods: :any,
+      expose: ['Cache-Control', 'Content-Encoding', 'Content-Type'],
+      max_age: 1728000,
+      credentials: false
   end
 end