https://build.spring.io/browse/INT-MJATS41-524 Since SF-4.3 (see https://jira.spring.io/browse/SPR-13130) the `OPTIONS` request, which isn't CORS one (without `HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD`), is handled by new internal `HttpOptionsHandler`, which just responds with `Allow` header.