openvidu-server: updated SecurityConfig precedence and OPTIONS method

openvidu-server/src/main/java/io/openvidu/server/config/SecurityConfig.java

@@ -74,8 +74,8 @@ public class SecurityConfig {
 	 */
 	protected void configureAuthorization(HttpSecurity http) throws Exception {
 		http.authorizeHttpRequests(auth -> {
-			configurePublicEndpoints(auth);
 			configureProtectedEndpoints(auth);
+			configurePublicEndpoints(auth);
 			configureWebSocketEndpoints(auth);
 		});
 	}
@@ -94,6 +94,9 @@ public class SecurityConfig {
 		} else {
 			auth.requestMatchers(HttpMethod.GET, RequestMappings.RECORDINGS + "/**").hasRole("ADMIN");
 		}
+
+		// Allow CORS preflight requests
+		auth.requestMatchers(HttpMethod.OPTIONS, "/**").permitAll();
 	}
 
 	/**