diff --git a/packages/api/src/routers/article_router.ts b/packages/api/src/routers/article_router.ts
index f54222b36..f20a4d29a 100644
--- a/packages/api/src/routers/article_router.ts
+++ b/packages/api/src/routers/article_router.ts
@@ -1,8 +1,5 @@
-/* eslint-disable @typescript-eslint/restrict-template-expressions */
 /* eslint-disable @typescript-eslint/no-unsafe-member-access */
 /* eslint-disable @typescript-eslint/no-unsafe-assignment */
-/* eslint-disable @typescript-eslint/explicit-module-boundary-types */
-/* eslint-disable @typescript-eslint/no-unsafe-call */
 import express from 'express'
 import { CreateArticleErrorCode } from '../generated/graphql'
 import { isSiteBlockedForParse } from '../utils/blocked'
diff --git a/packages/api/src/routers/user_router.ts b/packages/api/src/routers/user_router.ts
index 13f668bc1..09ab98004 100644
--- a/packages/api/src/routers/user_router.ts
+++ b/packages/api/src/routers/user_router.ts
@@ -1,3 +1,7 @@
+/* eslint-disable @typescript-eslint/restrict-template-expressions */
+/* eslint-disable @typescript-eslint/no-unsafe-member-access */
+/* eslint-disable @typescript-eslint/no-unsafe-assignment */
+/* eslint-disable @typescript-eslint/explicit-module-boundary-types */
 import express from 'express'
 import { sendEmail } from '../utils/sendEmail'
 import { env } from '../env'
@@ -5,57 +9,53 @@ import { buildLogger } from '../utils/logger'
 import { getRepository } from '../entity/utils'
 import { User } from '../entity/user'
 import { getClaimsByToken } from '../utils/auth'
+import { corsConfig } from '../utils/corsConfig'
+import cors from 'cors'
 
 const logger = buildLogger('app.dispatch')
 
 export function userRouter() {
   const router = express.Router()
 
-  router.post('/email', async (req, res) => {
+  router.post('/email', cors<express.Request>(corsConfig), async (req, res) => {
     logger.info('email to-user router')
-
-    const token = req?.cookies?.auth || req?.headers?.authorization
+    const token = req?.headers?.authorization
     const claims = await getClaimsByToken(token)
     if (!claims) {
       res.status(401).send('UNAUTHORIZED')
       return
     }
-
     const from = process.env.SENDER_MESSAGE
     const { body, subject } = req.body as {
       body?: string
       subject?: string
     }
-
     if (!subject || !body || !from) {
       console.log(subject, body, from)
       res.status(400).send('Bad Request')
       return
     }
-
     try {
       const user = await getRepository(User).findOneBy({ id: claims.uid })
       if (!user) {
         res.status(400).send('Bad Request')
         return
       }
-
       const result = await sendEmail({
         from: env.sender.message,
         to: user.email,
         subject: subject,
         text: body,
       })
-
       if (!result) {
         logger.error('Email not sent to user')
         res.status(500).send('Failed to send email')
         return
       }
-
       res.status(200).send('Email sent to user')
     } catch (e) {
       logger.info(e)
+      res.status(500).send('Email sent to user')
     }
   })