I'm trying to have CORS working with with the REST DSL (I'm actually using XML) in a servlet context (to run under tomcat).
I've put enableCORS="true" at the <rest> level and in all my <put> and <get> elements. That seems to work fine as long as I only do GET and PUT queries. The problem is that web clients have to do OPTIONS queries when some criteria are not met. And OPTIONS queries are not returning the required headers (Access-Control-Allow-Origin and Access-Control-Allow-Methods mainly). I just have a weird Allow header.
After trying to add an <options> section in my <rest> section to handle that manually, I've quickly figured out that they where never called. Then I've looked at the code and seen that CamelServlet.service is directly handling the OPTIONS query and is never forwarding them to the consumer. So it seems it's impossible to properly handling CORS queries with my setup.