POST and PUT requests fail due to missing preflight handling

POST, PUT, DELETE requests and requests with custom headers fail even after enabling basic CORS. Browser sends OPTIONS preflight request before the actual request to verify safety. Failure occurs when server doesn't respond correctly to OPTIONS or doesn't allow the methods/headers.

Configure CORS middleware with explicit methods and allowedHeaders. Set corsOptions.methods to ['GET', 'POST', 'PUT', 'DELETE'] and corsOptions.allowedHeaders to include 'Content-Type' and 'Authorization' at minimum. The cors package handles OPTIONS automatically when configured.