How to disable OPTIONS verb against the site

[JonBoxTN]

My team has built an SWA application with Angular. One of our team ran a security utility against the app, and it recommended that we disable OPTIONS on the site. Using the staticwebapp.config.json file, we struggled to find a way to do this. Eventually, we discovered a way to achieve this via "routes" in the config file, mapping the OPTIONS to only be executed by a non-existent group.

"routes": [
{
"route": "/*",
"methods": ["OPTIONS"],
"allowedRoles": ["nogroup"]
}
]

This feels like a hack, and I'm hoping someone can point us to a cleaner solution.

[JonBoxTN]

@simonaco looking for wisdom here