I am using the github.com/rs/cors library to implement CORS in my API. However, the server responds with a 405 method not allowed but the implemented methods are. I'm setting up my middleware like this:

func setupGlobalMiddleware(handler http.Handler) http.Handler {
	handleCORS := cors.New(cors.Options{
		AllowedOrigins: []string{"https://www.myapp.com", "https://myapp.com"},
		AllowedMethods: []string{http.MethodGet, http.MethodPost, http.MethodDelete, http.MethodPatch, http.MethodPut},
		Debug:          true,
	})
	return handleCORS.Handler(handler)
}

What I believe should happen is the cors library calls http.ResponseWriter.WriteHeader() on OPTIONS requests and that's the end of the request processing, but it looks like the request continues processing to the router. Am I missing something, or do I have to implement OPTIONS handlers?