From 5188b0e4c0d8f80d4634e97e53ce1d90520a55eb Mon Sep 17 00:00:00 2001
From: "theis.gaedigk" <theis.gaedigk@icloud.com>
Date: Fri, 15 Aug 2025 12:05:41 +0200
Subject: [PATCH] fix: refine CORS configuration to include methods and allowed
 headers

---
 backend/server.js | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/backend/server.js b/backend/server.js
index e375e90..55d1d14 100644
--- a/backend/server.js
+++ b/backend/server.js
@@ -20,8 +20,11 @@ app.use(
   cors({
     origin: ["https://backend.lose.the1s.de", "https://lose.the1s.de"],
     credentials: true,
+    methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"],
+    allowedHeaders: ["Content-Type", "Authorization"],
   })
 );
+app.options("*", cors());
 // Increase body size limits to support large CSV JSON payloads
 app.use(express.urlencoded({ extended: true, limit: "10mb" }));
 app.set("view engine", "ejs");