diff --git a/README.md b/README.md
index 44ad851..9e73a0f 100644
--- a/README.md
+++ b/README.md
@@ -16,6 +16,7 @@ INSTALLED_APPS = [
     'django_python3_ldap',
     
     'django.contrib.sites',
+    'corsheaders',
     'oauth2_provider',
     'allauth',
     'allauth.account',
@@ -37,7 +38,15 @@ OAUTH2_PROVIDER_APPLICATION_MODEL = 'oauth2_provider.Application'
 
 cors for web apps:
 ```
-CORS_ALLOW_ALL_ORIGINS = True
+MIDDLEWARE = (
+    # ...
+    'corsheaders.middleware.CorsMiddleware',
+    # ...
+)
+
+
+CORS_ORIGIN_ALLOW_ALL = True
+// now limit the allow all to the following path:
 CORS_URLS_REGEX = r"^/oauth2/.*$"
 
 ```
@@ -66,6 +75,16 @@ DEFAULT_FROM_EMAIL = 'name <mail@example.com>'
 
 ```
 
+(recommended) cleanup old token
+```
+CELERY_BEAT_SCHEDULE = {
+    'cleanup_token': {
+        'task': 'janus.cleanup_token',
+        'schedule': crontab(minute='1', hour='6')
+    },
+}
+```
+
 (optional) setup your ldap server
 ```
 # The URL of the LDAP server.