diff --git a/src/main/java/gov/cms/madie/cqllibraryservice/config/security/SecurityConfig.java b/src/main/java/gov/cms/madie/cqllibraryservice/config/security/SecurityConfig.java
index 4a739e5..9d8292e 100644
--- a/src/main/java/gov/cms/madie/cqllibraryservice/config/security/SecurityConfig.java
+++ b/src/main/java/gov/cms/madie/cqllibraryservice/config/security/SecurityConfig.java
@@ -12,8 +12,9 @@
 @EnableMethodSecurity
 public class SecurityConfig {
 
-  private static final String[] CSRF_WHITELIST = {"/cql-libraries/*/ownership"};
-  private static final String[] AUTH_WHITELIST = {"/actuator/**", "/cql-libraries/*/ownership"};
+  private static final String[] CSRF_WHITELIST = {"/cql-libraries/*/ownership", "cql-libraries/cql"};
+  private static final String[] AUTH_WHITELIST = {"/actuator/**", "/cql-libraries/*/ownership", "cql-libraries/cql"};
+
 
   @Bean
   protected SecurityFilterChain filterChain(HttpSecurity http) throws Exception {