From what I can gather, the OPTIONS endpoint is used to help facilitate CRSF (Cross-Site Request Forgery) prevention.
If my server is only intended for native mobile apps, I am guessing I don’t need it? and also don’t need CORS set up?
But then couldnt it be used by dodgy websites?