This is a blocker for JS basic and digest auth.

From IRC discussion

[10:38:16] <+kborchers> abstractj: ok, i'm not sure where the fix needs to happen but i need to be able to tell that filter to not happen on OPTIONS requests … is that possible?
[10:39:06] <+kborchers> abstractj: this might help illustrate the issue ...
[10:39:37] <+kborchers> if you go to http://kborchers.github.io/aerogear-js-integration/unit/basicDigest/basicDigest.html and inspect the network traffic, you'll see that my GET request is preflighted with an OPTIONS request (standard CORS stuff)
[10:39:57] <+kborchers> that OPTIONS request is then responded to with a 401
[10:40:06] <+kborchers> that should not happen
[10:40:17] <+kborchers> i should not get a 401 until the actual GET is sent