Pass through OPTIONS requests without oauth redirect

[z0rc]

Deploying this function results in blocking any CORS request. Main issue here is that when browser issues preflight request via OPTIONS (https://www.w3.org/TR/cors/#cross-origin-request-with-preflight-0 and https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request) it doesn't include any cookies, that results in constant redirect to oauth provider, that cannot be completely resolved, because there are no cookies allowed.

Unfortunately CloudFront doesn't allow specifying that OPTIONS requests should be executed without triggering Lambda@Edge function. The only way to pass those requests is in function code only.

[rustymcg9000]

Any feedback with this issue at all ? Now that CloudFront is triggering a preflight request (which it wasn't 6 months ago), this approach is no longer valid.