fix: refine CORS configuration to include methods and allowed headers

backend/server.js

@@ -20,8 +20,11 @@ app.use(
   cors({
     origin: ["https://backend.lose.the1s.de", "https://lose.the1s.de"],
     credentials: true,
+    methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"],
+    allowedHeaders: ["Content-Type", "Authorization"],
   })
 );
+app.options("*", cors());
 // Increase body size limits to support large CSV JSON payloads
 app.use(express.urlencoded({ extended: true, limit: "10mb" }));
 app.set("view engine", "ejs");