diff --git a/backend/internal/api/middleware/cors_middleware.go b/backend/internal/api/middleware/cors_middleware.go
index a2614c7..da19c3f 100644
--- a/backend/internal/api/middleware/cors_middleware.go
+++ b/backend/internal/api/middleware/cors_middleware.go
@@ -37,7 +37,7 @@ func CORSMiddleware(next http.Handler) http.Handler {
 		// Essential for some auth flows (cookies)
 		w.Header().Set("Access-Control-Allow-Credentials", "true")
 
-		w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
+		w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, PATCH, DELETE")
 		w.Header().Set("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
 
 		if r.Method == "OPTIONS" {