That can be done in HttpMethodHandler. A handler for the request URI "*" can be added at the beginning of the handler chain.
Open questions:
Should the user be able to override the OPTIONS behaviour?
How does OPTIONS relate to restricted resources (authentication required)?
According to CORS, OPTIONS requests should not require authentication; many servers do, however, and it might pose a security risk to allow checking resources without authentication.
Therefore, OPTIONS should not require authentication by default, but this behaviour should be overridable.
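The trade-off described above, as an added sketch that is not the project's code: an OPTIONS handler sits first in the chain, answers `*` server-wide, and takes an override flag that decides whether anonymous OPTIONS requests may probe restricted URIs. Every name here (`handle`, `options_requires_auth`, the routes, the token) is hypothetical, and CORS response headers are omitted.

```python
from dataclasses import dataclass, field

# All names below are hypothetical; sample routes and token are constructed.
ROUTES = {"/public": {"GET", "HEAD"}, "/admin/users": {"GET", "POST", "DELETE"}}
RESTRICTED_PREFIXES = ("/admin/",)
VALID_TOKEN = "Bearer constructed-token"

@dataclass
class Request:
    method: str
    uri: str
    headers: dict = field(default_factory=dict)

@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)

def allow(methods):
    return ", ".join(sorted(set(methods) | {"OPTIONS"}))

def needs_login(req):
    restricted = req.uri.startswith(RESTRICTED_PREFIXES)
    return restricted and req.headers.get("Authorization") != VALID_TOKEN

def options_handler(req, options_requires_auth):
    if req.method != "OPTIONS":
        return None                      # pass to the next handler
    if req.uri == "*":                   # server-wide, no per-resource detail
        return Response(204, {"Allow": allow(set().union(*ROUTES.values()))})
    if options_requires_auth and needs_login(req):
        return Response(401, {"WWW-Authenticate": "Bearer"})  # same for any URI
    if req.uri not in ROUTES:
        return Response(404)
    return Response(204, {"Allow": allow(ROUTES[req.uri])})

def auth_handler(req):
    return Response(401, {"WWW-Authenticate": "Bearer"}) if needs_login(req) else None

def resource_handler(req):
    methods = ROUTES.get(req.uri)
    if methods is None:
        return Response(404)
    if req.method not in methods:
        return Response(405, {"Allow": allow(methods)})
    return Response(200)

def handle(req, options_requires_auth=False):
    chain = (lambda r: options_handler(r, options_requires_auth), auth_handler, resource_handler)
    for handler in chain:
        resp = handler(req)
        if resp is not None:
            return resp
```

With the default, an anonymous client can tell an existing restricted resource (204 plus `Allow`) from a missing one (404); with the override enabled both answer 401.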