diff --git a/firebase.json b/firebase.json
index b5d2c56..2330f4c 100644
--- a/firebase.json
+++ b/firebase.json
@@ -8,10 +8,17 @@
   },
   "hosting": {
     "public": "public",
-    "ignore": [
-      "firebase.json",
-      "**/.*",
-      "**/node_modules/**"
+    "ignore": ["firebase.json", "**/.*", "**/node_modules/**"],
+    "headers": [
+      {
+        "source": "**",
+        "headers": [
+          {
+            "key": "Access-Control-Allow-Origin",
+            "value": "https://recipebook2-a9e9a.web.app"
+          }
+        ]
+      }
     ]
   },
   "storage": {
diff --git a/public/scripts/functions.js b/public/scripts/functions.js
index d05bf01..2864136 100644
--- a/public/scripts/functions.js
+++ b/public/scripts/functions.js
@@ -327,7 +327,8 @@ function createForkBtn(database, recipeDiv, recipe, profile) {
   recipeDiv.appendChild(forkBtn);
 
   forkBtn.addEventListener("click", () => {
-    database.user.getIdToken().then((token) => {
+    const user = firebase.auth().currentUser;
+    user.getIdToken().then((token) => {
       database.getRecipeImage(recipe.name, profile).then((url) => {
         fetch(url, {
           headers: {
diff --git a/storage.rules b/storage.rules
index eb90ef8..26b75a5 100644
--- a/storage.rules
+++ b/storage.rules
@@ -9,7 +9,7 @@ service firebase.storage {
     	allow read;
     }
     match /users/{userId}/{allPaths=**} {
-      allow read, write: if request.auth != null && request.auth.uid == userId;
+      allow read, write: if request.auth != null && request.auth.uid == userId  && request.auth.uid == request.path[1];
     }
   }
 }
\ No newline at end of file