From eae3df7f38e56d940a92e9d7df815b068b3312c4 Mon Sep 17 00:00:00 2001
From: Tiago Yamamoto <tiago.ribeiro@inventcloud.com.br>
Date: Fri, 26 Dec 2025 00:59:04 -0300
Subject: [PATCH] fix(cors): add PATCH to allowed methods

Without PATCH in CORS headers, user update was failing with:
'Method PATCH is not allowed by Access-Control-Allow-Methods'
---
 backend/internal/api/middleware/cors_middleware.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/internal/api/middleware/cors_middleware.go b/backend/internal/api/middleware/cors_middleware.go
index a2614c7..da19c3f 100644
--- a/backend/internal/api/middleware/cors_middleware.go
+++ b/backend/internal/api/middleware/cors_middleware.go
@@ -37,7 +37,7 @@ func CORSMiddleware(next http.Handler) http.Handler {
 		// Essential for some auth flows (cookies)
 		w.Header().Set("Access-Control-Allow-Credentials", "true")
 
-		w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
+		w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, PATCH, DELETE")
 		w.Header().Set("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
 
 		if r.Method == "OPTIONS" {