add allow OPTIONS-requests filter

[alxgrk]

Browsers typically send pre-flight requests using the OPTIONS-HTTP-method. I would therefore suggest to allow this kind of request by default.

[coveralls]

Coverage increased (+0.1%) to 96.341% when pulling 8720f24349d12107b9b250a7661863139a7e4fb9 on cors-allow-options-request into e45d1b59bb18a775b7e3e24b3636794fb8f8b176 on master.

[alxgrk]

Turned out, that this isn't a good idea... Even OPTIONS requests must be passed through to the actual resource. Closing this PR.