Let other preflight requests through #32
Description
This is a very nice fix but I can't use it because it catches all OPTIONS requests, not just those for font files.
We have a lot of other CORS requests coming into this service and many include credentials. In that case you can't give access to '*' but have to specify domains. Like everyone else we evade this protection by reflecting back the requesting domain. Font_assets intercepts the options request is before it gets to our controller, so this hack can't be applied.
The problem goes away if you omit the economical shortcut for preflight requests and allow them to go through the same if-font-then-headers routine as the main request. I'd be happy to prepare a PR and test case if that's an acceptable solution for you.