From b66fd9d3aecfa09db5babffa8a04f4f1369dec86 Mon Sep 17 00:00:00 2001
From: Markus <mbulli135@gmail.com>
Date: Tue, 12 May 2026 09:24:28 +0200
Subject: [PATCH] Added PUT and DELETE method to Access-Control-Allow-Methods
 field

---
 backend/lib/express/cors.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/lib/express/cors.js b/backend/lib/express/cors.js
index 6fbf3baf6d..e6d1d633eb 100644
--- a/backend/lib/express/cors.js
+++ b/backend/lib/express/cors.js
@@ -3,7 +3,7 @@ export default (req, res, next) => {
 		res.set({
 			"Access-Control-Allow-Origin": req.headers.origin,
 			"Access-Control-Allow-Credentials": true,
-			"Access-Control-Allow-Methods": "OPTIONS, GET, POST",
+			"Access-Control-Allow-Methods": "OPTIONS, GET, POST, PUT, DELETE",
 			"Access-Control-Allow-Headers":
 				"Content-Type, Cache-Control, Pragma, Expires, Authorization, X-Dataset-Total, X-Dataset-Offset, X-Dataset-Limit",
 			"Access-Control-Max-Age": 5 * 60,