If using rest-dsl and sending in a HTTP OPTIONS then we should just return back the CORS headers, and not route in Camel.
This is also to support the pre-flight HTTP OPTIONS requests, where rest-dsl returns the CORS headers, then the client can send the actual HTTP request afterwards.
Some good details of CORS here
We should maybe also consider trying to leverage native cors filters from jetty / netty etc if they provide one and use that. Though these filters like rest-dsl tend to just specify that anything is possible.
We could in rest-dsl look at the rest model and know what each url path has of HTTP methods, so we can return that instead of allowing all HTTP methods.
if there is a simple rest-dsl model with only
Then the allowed methods is GET, POST for /users and only GET for /users/123.