...
handlePreflightRequests() tells the Router to respond to all OPTIONS (=preflight) requests by setting the appropriate Access-Control-Allow headers according to the global default settings defined in the CORS app instance.
This is necessary to allow POST, PUT and DELETE requests in a Cross Origin situation.
requireApiKey
(since UM 7.55.1)
requireApiKey tells the Router to expect an API key being presented in the Authorization HTTP header following Basic Auth conventions.
requireOpenPassword
requireOpenPassword tells the Router to expect the API token (aka “open password”) to be present in a request header named X-Cmsbs-Open.
...