From 3f512f5659cfbb3c53999cde6ff557591740252b Mon Sep 17 00:00:00 2001
From: Jim Heising <jheising@gmail.com>
Date: Tue, 2 Dec 2025 19:29:27 -0800
Subject: [PATCH] Added PATCH method to CORS headers (#11066)

Added PATCH http method to access-control-allow-header-methods header because there are now PATCH endpoints exposed in the API.

See https://github.com/comfyanonymous/ComfyUI/blob/277237ccc1499bac7fcd221a666dfe7a32ac4206/api_server/routes/internal/internal_routes.py#L34 for an example of an API endpoint that uses the PATCH method.
---
 server.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server.py b/server.py
index e3bd056d9..ac4f42222 100644
--- a/server.py
+++ b/server.py
@@ -98,7 +98,7 @@ def create_cors_middleware(allowed_origin: str):
             response = await handler(request)
 
         response.headers['Access-Control-Allow-Origin'] = allowed_origin
-        response.headers['Access-Control-Allow-Methods'] = 'POST, GET, DELETE, PUT, OPTIONS'
+        response.headers['Access-Control-Allow-Methods'] = 'POST, GET, DELETE, PUT, OPTIONS, PATCH'
         response.headers['Access-Control-Allow-Headers'] = 'Content-Type, Authorization'
         response.headers['Access-Control-Allow-Credentials'] = 'true'
         return response