We have a REST adapter configured to expose and update data of our legacy SAP system. This REST service contains 2 operations/methods: GET and PUT. When a user triggers the standard REST method "OPTIONS" you would expect the method to return the used methods/operations GET en PUT. Instead it returns POST, DELETE, GET, PUT and OPTIONS.

Is there an option somewhere to configure the allowed operations in order to give these as a result when the OPTIONS method is fired? So in our case: To return only GET and PUT as allowed methods?

When testing from ARC REST I noticed that authentication is not used here and it doesn't seem to log in to our SAP PO server, because when I used an invalid password (SAP PO) the method OPTIONS was okay and still gave the same result. Whereas if I would use the same password for a GET/PUT the system would trigger an authentication error.

So it seems to return the allowed methods for the server itself, not the specific service?

Does anybody have experience with this and know how to configure this, preferably for a specific REST service, or maybe there's way to solve this?