Hi, Our application uses org.apache.cxf.rs.security.cors.CrossOriginResourceSharingFilter to process preflight. We need to configure this filter so that it does not attempt to find the resource method (findResourceMethod=false). When the request is successfully answered, CORS headers are correctly set in the response. But if my request is rejected by another CXF filter (for instance because it is not authorized or not authenticated), the CXF Exchange is not instrumented and CORS headers are not set in the response. What can I do to have CORS headers properly set?
Regards, Rémi
