From f97e8ea1d0c8dd4bc9cb5a2968a56eef17f6980c Mon Sep 17 00:00:00 2001
From: fullsizemalt <106900403+fullsizemalt@users.noreply.github.com>
Date: Tue, 6 Jan 2026 23:53:32 -0800
Subject: [PATCH] fix(backend): Add manual OPTIONS handler for legacy clients

---
 backend/src/server.ts | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/backend/src/server.ts b/backend/src/server.ts
index 1c49a1c..b6cba4a 100644
--- a/backend/src/server.ts
+++ b/backend/src/server.ts
@@ -39,6 +39,15 @@ server.register(cors, {
     credentials: true,
     methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS']
 });
+
+// Manual OPTIONS handler as fallback
+server.options('/*', async (request, reply) => {
+    reply.header('Access-Control-Allow-Origin', request.headers.origin || '*');
+    reply.header('Access-Control-Allow-Credentials', 'true');
+    reply.header('Access-Control-Allow-Methods', 'GET,POST,PUT,PATCH,DELETE,OPTIONS');
+    reply.header('Access-Control-Allow-Headers', 'Content-Type, Authorization');
+    return reply.send();
+});
 server.register(prismaPlugin);
 server.register(jwt, {
     secret: process.env.JWT_SECRET || 'supersecret'