diff --git a/api/src/main/java/fr/gameovergne/api/config/SecurityConfig.java b/api/src/main/java/fr/gameovergne/api/config/SecurityConfig.java
index ef90cd8..ba2be6d 100644
--- a/api/src/main/java/fr/gameovergne/api/config/SecurityConfig.java
+++ b/api/src/main/java/fr/gameovergne/api/config/SecurityConfig.java
@@ -40,6 +40,7 @@ public class SecurityConfig {
                 .authorizeHttpRequests(authz -> authz
                         .requestMatchers("/api/auth/**").permitAll()
                         .requestMatchers("/api/users/**").authenticated()
+                        .requestMatchers("/api/brands/**").authenticated()
                         .anyRequest().permitAll()
                 )
 
@@ -58,7 +59,7 @@ public class SecurityConfig {
             @Override
             public void addCorsMappings(CorsRegistry registry) {
                 registry.addMapping("/**")
-                        .allowedOrigins("http://localhost:4200", "http://127.0.0.1:4200") // Ton front
+                        .allowedOrigins("http://localhost:4200", "http://127.0.0.1:4200")
                         .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
                         .allowedHeaders("*")
                         .allowCredentials(true);