`OPTIONS` HTTP requests should be treated in the same way than `GET` requests by the `VerifyCsrfToken` middleware. Otherwise, an exception is thrown, thus preventing any `OPTIONS` route to work.