From c55f75739fbfcb89406ae30564c7c884365c120a Mon Sep 17 00:00:00 2001
From: louispaulb <louis.targo@gmail.com>
Date: Mon, 1 Jun 2026 14:49:11 -0400
Subject: [PATCH] fix(hub/cors): allow PATCH in preflight
 Access-Control-Allow-Methods
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Browser CORS preflight (OPTIONS) for PATCH /campaigns/:id was
rejected because PATCH wasn't listed in Access-Control-Allow-Methods.
The browser surfaced this as a generic "Load failed" on the
"Enregistrer" button of the edit-params dialog. curl bypasses CORS
so backend testing missed it.

The header now includes PATCH alongside GET/POST/PUT/DELETE/OPTIONS.
Verified live: OPTIONS preflight now returns the full method list.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 services/targo-hub/server.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/services/targo-hub/server.js b/services/targo-hub/server.js
index 969a39e..34d083e 100644
--- a/services/targo-hub/server.js
+++ b/services/targo-hub/server.js
@@ -39,7 +39,7 @@ const server = http.createServer(async (req, res) => {
   const method = req.method
 
   res.setHeader('Access-Control-Allow-Origin', '*')
-  res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS')
+  res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, DELETE, OPTIONS')
   res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-Authentik-Email, X-Authentik-Groups')
   if (method === 'OPTIONS') { res.writeHead(204); return res.end() }