Authentication for preflighted requests

[helgehatt]

Follow-up question to #3240

I have configured my frontend to include credentials when sending requests to the backend. GET requests work fine, however POST requests which are preflighted send an OPTIONS request without credentials, which is subsequently unauthorized by the proxy authentication. Is there any way to solve this? OPTIONS requests should exclude credentials as per the CORS specification, and the server should be configured to respond with 200 or 204, however in this case the OPTIONS request never reaches the server.

[code-asher]

Good point, this is a bug. I opened an issue if someone wants to take a crack at it: #7283