From cb01b869ee303afdae03c28b0dbf15e4cd795998 Mon Sep 17 00:00:00 2001
From: Rory& <root@rory.gay>
Date: Mon, 15 Dec 2025 02:43:37 +0100
Subject: [PATCH] fix cors

---
 src/api/middlewares/CORS.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/api/middlewares/CORS.ts b/src/api/middlewares/CORS.ts
index 84c49a8bd..34532d3f5 100644
--- a/src/api/middlewares/CORS.ts
+++ b/src/api/middlewares/CORS.ts
@@ -23,7 +23,7 @@ import { NextFunction, Request, Response } from "express";
 export function CORS(req: Request, res: Response, next: NextFunction) {
 	res.set("Access-Control-Allow-Credentials", "true");
 	res.set("Access-Control-Allow-Headers", req.header("Access-Control-Request-Headers") || "*");
-	res.set("Access-Control-Allow-Methods", req.header("Access-Control-Request-Methods") || "*");
+	res.set("Access-Control-Allow-Methods", req.header("Access-Control-Request-Method") || "*");
 	res.set("Access-Control-Allow-Origin", req.header("Origin") ?? "*");
 	res.set("Access-Control-Max-Age", "5"); // dont make it too long so we can change it dynamically
 	// TODO: use better CSP