diff --git a/b0esche_cloud/lib/widgets/account_settings_dialog.dart b/b0esche_cloud/lib/widgets/account_settings_dialog.dart
index af0a68e..c1139c6 100644
--- a/b0esche_cloud/lib/widgets/account_settings_dialog.dart
+++ b/b0esche_cloud/lib/widgets/account_settings_dialog.dart
@@ -102,7 +102,9 @@ class _AccountSettingsDialogState extends State<AccountSettingsDialog> {
   }
 
   Future<void> _updateProfile() async {
-    if (_currentUser == null) return;
+    if (_currentUser == null) {
+      return;
+    }
 
     setState(() => _isLoading = true);
     try {
diff --git a/go_cloud/bin/api b/go_cloud/bin/api
index b199e73..b507eeb 100755
Binary files a/go_cloud/bin/api and b/go_cloud/bin/api differ
diff --git a/go_cloud/internal/http/routes.go b/go_cloud/internal/http/routes.go
index 7eb7189..19af043 100644
--- a/go_cloud/internal/http/routes.go
+++ b/go_cloud/internal/http/routes.go
@@ -241,15 +241,39 @@ func NewRouter(cfg *config.Config, db *database.DB, jwtManager *jwt.Manager, aut
 		r.Put("/user/profile", func(w http.ResponseWriter, req *http.Request) {
 			updateUserProfileHandler(w, req, db, auditLogger)
 		})
+		r.Options("/user/profile", func(w http.ResponseWriter, req *http.Request) {
+			w.Header().Set("Access-Control-Allow-Origin", "*")
+			w.Header().Set("Access-Control-Allow-Methods", "GET, PUT, OPTIONS")
+			w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization")
+			w.WriteHeader(http.StatusOK)
+		})
 		r.Post("/user/change-password", func(w http.ResponseWriter, req *http.Request) {
 			changePasswordHandler(w, req, db, auditLogger)
 		})
+		r.Options("/user/change-password", func(w http.ResponseWriter, req *http.Request) {
+			w.Header().Set("Access-Control-Allow-Origin", "*")
+			w.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS")
+			w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization")
+			w.WriteHeader(http.StatusOK)
+		})
 		r.Post("/user/avatar", func(w http.ResponseWriter, req *http.Request) {
 			uploadUserAvatarHandler(w, req, db, auditLogger, cfg)
 		})
+		r.Options("/user/avatar", func(w http.ResponseWriter, req *http.Request) {
+			w.Header().Set("Access-Control-Allow-Origin", "*")
+			w.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS")
+			w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization")
+			w.WriteHeader(http.StatusOK)
+		})
 		r.Delete("/user/account", func(w http.ResponseWriter, req *http.Request) {
 			deleteUserAccountHandler(w, req, db, auditLogger, cfg)
 		})
+		r.Options("/user/account", func(w http.ResponseWriter, req *http.Request) {
+			w.Header().Set("Access-Control-Allow-Origin", "*")
+			w.Header().Set("Access-Control-Allow-Methods", "DELETE, OPTIONS")
+			w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization")
+			w.WriteHeader(http.StatusOK)
+		})
 
 		// Org routes
 		r.Get("/orgs", func(w http.ResponseWriter, req *http.Request) {