diff --git a/main.py b/main.py index bf494df..27e7cba 100755 --- a/main.py +++ b/main.py @@ -28,23 +28,6 @@ class StripPathMiddleware(object): e['PATH_INFO'] = e['PATH_INFO'].rstrip('/') return self.a(e, h) -class EnableCors(object): - name = 'enable_cors' - api = 2 - - def apply(self, fn, context): - def _enable_cors(*args, **kwargs): - # set CORS headers - response.headers['Access-Control-Allow-Origin'] = '*' - response.headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, OPTIONS' - response.headers['Access-Control-Allow-Headers'] = 'Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token' - - if bottle.request.method != 'OPTIONS': - # actual request; reply with the actual response - return fn(*args, **kwargs) - - return _enable_cors - app = application = bottle.Bottle(catchall=False) ##################################################### Configuration ############################################ @@ -239,7 +222,7 @@ def login(request): Privileges : 0=admin 1=loggedIn 1000=guest """ if 'admin_pass' in request.forms and request.forms['admin_pass'] == admin_password: - return {'_privilege':0} + return {'_privilege':0, '_id':'-1'} if 'token' in request.forms: token = request.forms.getunicode('token') try: @@ -248,9 +231,9 @@ def login(request): return user except IndexError as e: pass - except pymongo.errors.ServerSelectionTimeoutError as e: - response.status = 500 - return 'La base de donnée n’est pas accessible' + #except pymongo.errors.ServerSelectionTimeoutError as e: + # response.status = 500 + # return {'_error': True} # anonymous return {'_privilege': 1000} # anonymous @@ -284,6 +267,8 @@ def create_form (): return resp('error', 'Le champs « adresse » est requis') user = login(request) + print('post form') + print(user) if user['_privilege'] > 1: response.status = 400 return resp('error', 'Privilèges insufisants') 
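Review bot: The admin branch of login() still compares the submitted password with `==` on the line just above the changed return, which is not a constant-time comparison. Consider `hmac.compare_digest(request.forms['admin_pass'].encode(), admin_password.encode())`, assuming both values are str and `hmac` is imported at the top of the file. The new `'_id':'-1'` is an undocumented sentinel; a docstring line such as `_id '-1' = built-in admin, never a stored user` would keep later owner checks from treating it as a database id. login's body starts and ends outside this hunk.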
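Review bot: Commenting out the `except pymongo.errors.ServerSelectionTimeoutError` handler leaves login() with no handling for an unreachable database, so the exception now reaches every caller, and with `bottle.Bottle(catchall=False)` (context of the first hunk) it presumably continues to the WSGI server. Failing closed is better than the old string return, which callers would then have indexed with `user['_privilege']`, but the behaviour should be explicit rather than left as dead comment lines. Either delete the three commented lines and note in the docstring that the error propagates, or keep the handler and `raise bottle.HTTPError(500, 'La base de donnée n’est pas accessible')`. login's body starts outside this hunk.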
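Review bot: The added `print('post form')` and `print(user)` in create_form write the whole value returned by login() to stdout, and for a token login that is the stored user record (`return user`), which may include the token itself. Debug prints like this should not ship; if the trace is needed, log only the non-secret fields through the logging module, e.g. `logging.debug('post form: id=%s privilege=%s', user.get('_id'), user['_privilege'])`. `.get` is needed because the guest return has no `_id`. create_form's body starts and ends outside this hunk.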
@@ -331,7 +316,7 @@ def list_forms (): @app.delete('/form/') def delete_form(token): - # If admin or form owner + # TODO If admin or form owner user = login(request) if user['_privilege'] > 1: response.status = 400 @@ -420,10 +405,7 @@ def delete_user (username): return resp('error', 'La base de donnée n’est pas accessible') - ##################################################### app startup ############################################ +prod_app = StripPathMiddleware(app) if __name__ == '__main__': - app.install(EnableCors()) - bottle.run(app=StripPathMiddleware(app), host=listen_address, port=listen_port, debug=True) -else: - prod_app = StripPathMiddleware(app) + bottle.run(app=prod_app, host=listen_address, port=listen_port, debug=True)
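Review bot: The new `# TODO If admin or form owner` in delete_form marks the ownership check as unimplemented, and the only check visible in the hunk, `user['_privilege'] > 1`, lets any logged-in user (privilege 1) through. Unless the rest of the body, which lies outside this hunk, compares the form's owner with `user['_id']`, any authenticated account can delete another user's form. That check should land with this change rather than stay a TODO, with the admin case decided by `user['_privilege'] == 0`. A 403 would also describe the refusal better than `response.status = 400`.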
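Review bot: The rewritten `bottle.run(app=prod_app, host=listen_address, port=listen_port, debug=True)` keeps `debug=True` hard-coded, so a direct `python main.py` start turns on Bottle's debug mode, which adds tracebacks to error pages, on whatever address `listen_address` holds. Taking the flag from the configuration section (not visible here) would keep that off outside development, e.g. `debug=debug_mode` with a default of False, where `debug_mode` is a placeholder name. A one-line comment on `prod_app` saying it is the object a WSGI server imports would also explain why it is now built at import time.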