diff --git a/backend/src/server.ts b/backend/src/server.ts
index 1c49a1c..b6cba4a 100644
--- a/backend/src/server.ts
+++ b/backend/src/server.ts
@@ -39,6 +39,15 @@ server.register(cors, {
     credentials: true,
     methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS']
 });
+
+// Manual OPTIONS handler as fallback
+server.options('/*', async (request, reply) => {
+    reply.header('Access-Control-Allow-Origin', request.headers.origin || '*');
+    reply.header('Access-Control-Allow-Credentials', 'true');
+    reply.header('Access-Control-Allow-Methods', 'GET,POST,PUT,PATCH,DELETE,OPTIONS');
+    reply.header('Access-Control-Allow-Headers', 'Content-Type, Authorization');
+    return reply.send();
+});
 server.register(prismaPlugin);
 server.register(jwt, {
     secret: process.env.JWT_SECRET || 'supersecret'