diff --git a/web/src/app/(app)/api/[[...routes]]/route.ts b/web/src/app/(app)/api/[[...routes]]/route.ts
index 8e27050..fcebc17 100644
--- a/web/src/app/(app)/api/[[...routes]]/route.ts
+++ b/web/src/app/(app)/api/[[...routes]]/route.ts
@@ -44,14 +44,6 @@ async function checkAuth(c: Context, next: Next, headers?: HeadersInit) {
   await next();
 }
 
-async function checkAuthCORS(c: Context, next: Next) {
-  return checkAuth(c, next, {
-    "Access-Control-Allow-Origin": "*",
-    "Access-Control-Allow-Methods": "GET, POST, OPTIONS",
-    "Access-Control-Allow-Headers": "Content-Type, Authorization",
-  });
-}
-
 app.use("/run", checkAuth);
 app.use("/upload-url", checkAuth);
 
diff --git a/web/src/routes/registerWorkflowUploadRoute.ts b/web/src/routes/registerWorkflowUploadRoute.ts
index b851ae2..b71a0ed 100644
--- a/web/src/routes/registerWorkflowUploadRoute.ts
+++ b/web/src/routes/registerWorkflowUploadRoute.ts
@@ -12,7 +12,7 @@ import {
   createNewWorkflowVersion,
 } from "@/server/createNewWorkflow";
 import { z, createRoute } from "@hono/zod-openapi";
-import { and, eq } from "drizzle-orm";
+import { and, eq, isNull } from "drizzle-orm";
 
 const route = createRoute({
   method: "post",
@@ -120,7 +120,9 @@ export const registerWorkflowUploadRoute = (app: App) => {
             and(
               eq(workflowTable.id, workflow_id),
               eq(workflowTable.user_id, user_id),
-              eq(workflowTable.org_id, org_id),
+              org_id
+                ? eq(workflowTable.org_id, org_id)
+                : isNull(workflowTable.org_id),
             ),
           );