Add OPTIONS method and X-CSRF-Token to middleware

The OPTIONS HTTP method has been added to the 'Access-Control-Allow-Methods' in the middleware. Additionally, 'X-CSRF-Token' is now included in the 'Access-Control-Allow-Headers'. These changes ensure more robust handling of CORS and CSRF protection.

frontend/middleware.ts

@@ -16,11 +16,11 @@ export function middleware(req: NextRequest) {
     );
     res.headers.append(
       'Access-Control-Allow-Methods',
-      'GET,DELETE,PATCH,POST,PUT'
+      'GET,OPTIONS,DELETE,PATCH,POST,PUT'
     );
     res.headers.append(
       'Access-Control-Allow-Headers',
-      'Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, Apollo-Require-Preflight, Origin, X-Requested-With, Authorization'
+      'Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, Apollo-Require-Preflight, Origin, X-Requested-With, Authorization, X-CSRF-Token'
     );
   } else {
     // generic CORS policy omitted for brevity....