update

app/Config/Routes.php

@@ -22,4 +22,7 @@ $routes->group('api', function($routes) {
     
     // Standard CRUD via DhivaRoutes (Keep for compatibility)
     DhivaRoutes::Route($routes, 'user', 'SuperUserController');
-});
+});
+
+// Catch all OPTIONS requests for CORS preflight
+$routes->options('(:any)', function () {});

app/Controllers/SuperUserController.php

@@ -22,6 +22,15 @@ class SuperUserController extends BaseController
         $inputUsername = $this->post('username');
         $inputPassword = $this->post('password');
 
+        // Fallback for JSON payload (Angular)
+        if (empty($inputUsername) || empty($inputPassword)) {
+            $json = $this->request->getJSON();
+            if ($json) {
+                $inputUsername = $json->username ?? null;
+                $inputPassword = $json->password ?? null;
+            }
+        }
+
         if (empty($inputUsername) || empty($inputPassword)) {
             $this->respond([
                 'success' => false,