XSA CORS - OPTIONS request forbidden

Hi,

I have a problem configuring CORS on my Java application (it's deployed with push command via xsa client, as .war file, means it is not an .mtar archive so I cannot add .mtad or xs-app.json probably).

The problem is that preflight request (OPTIONS) doesn't pass (403 Forbidden status is returned) and also I can see in logs of my application that this request doesn't even get to my internal CORS filter (configured in web.xml of my application).

So my conclusion is that router bound to my application is blocking OPTIONS request probably.

Is there any way to configure the application, or router, to serve OPTIONS request, without converting my application (.war) to .mtar archive and restructuring everything?

Thanks in advance.