# talk-oathkeeper
Hi, I am seeing 403s on HEAD requests made from a NextJS app. For example, a HEAD request made to /create will get a 403, whereas a GET to /create will return a 200. Any ideas? My Oathkeeper config:
serve:
  proxy:
    cors:
      enabled: true
      allowed_origins:
        - "https://test.domain.dev"
        - "https://*.test.domain.dev"
      allowed_methods:
        - HEAD
        - POST
        - GET
        - PUT
        - PATCH
        - DELETE
      allowed_headers:
        - Authorization
        - Content-Type
      exposed_headers:
        - Content-Type
      allow_credentials: true
My rules for the NextJS app:
- id: browser:admin
  upstream:
    preserve_host: true
    url: "http://admin-service.test.svc.cluster.local"
  match:
    url: "https://admin.test.domain.dev/<(403|404|500|_next.*).*>"
    methods:
      - HEAD
      - GET
  authenticators:
    - handler: cookie_session
  authorizer:
    handler: allow
  mutators:
    - handler: noop
  errors:
    - handler: redirect
      config:
        return_to_query_param: "return_to"
- id: browser:protected:admin
  upstream:
    preserve_host: true
    url: "http://admin-service.test.svc.cluster.local"
  match:
    url: "https://admin.test.domain.dev/<(?!403|_next.*).*>"
    methods:
      - HEAD
      - GET
      - POST
      - PUT
  authenticators:
    - handler: cookie_session
  authorizer:
    handler: remote
  mutators:
    - handler: noop
  errors:
    - handler: redirect
      config:
        return_to_query_param: "return_to"
    - handler: redirect
      config:
        to: "https://admin.test.domain.dev/forbidden"
        when:
          - error:
              - forbidden
            request:
              header:
                accept:
                  - text/html
Bump
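An added rule-matching check, written for this thread and not taken from the post or from Oathkeeper's code base, that mimics the regexp match strategy as assumed here: text outside `<...>` in match.url is literal, text inside is a regular expression, the whole URL must match, and the method must be listed. Run over the two posted rules it shows that HEAD and GET to /create both select browser:protected:admin, so the differing status would come from the remote authorizer or the upstream rather than from rule selection; it also shows that /404 and /500 are matched by both rules.

```python
import re

# The two rules from the post, reduced to what rule selection needs.
RULES = [
    {"id": "browser:admin",
     "url": "https://admin.test.domain.dev/<(403|404|500|_next.*).*>",
     "methods": ["HEAD", "GET"],
     "authorizer": "allow"},
    {"id": "browser:protected:admin",
     "url": "https://admin.test.domain.dev/<(?!403|_next.*).*>",
     "methods": ["HEAD", "GET", "POST", "PUT"],
     "authorizer": "remote"},
]


def compile_match_url(pattern: str) -> re.Pattern:
    """Turn an Oathkeeper match.url into an anchored regular expression.

    Assumption (regexp matching strategy): text outside <...> is matched
    literally, text inside <...> is a regex, and the whole URL must match.
    """
    parts, pos = [], 0
    for m in re.finditer(r"<([^>]*)>", pattern):
        parts.append(re.escape(pattern[pos:m.start()]))  # literal segment
        parts.append(m.group(1))                          # regex segment
        pos = m.end()
    parts.append(re.escape(pattern[pos:]))
    return re.compile("^" + "".join(parts) + "$")


def matching_rules(method: str, url: str, rules=RULES) -> list:
    """Return the ids of every rule whose URL pattern and method list match.

    Oathkeeper requires exactly one matching rule per request, so a result
    with two ids points at an overlap in the rule set, and an empty result
    at a request no rule covers.
    """
    return [r["id"] for r in rules
            if method in r["methods"] and compile_match_url(r["url"]).match(url)]


if __name__ == "__main__":
    base = "https://admin.test.domain.dev"
    for method, path in [("HEAD", "/create"), ("GET", "/create"),
                         ("GET", "/403"), ("GET", "/404"),
                         ("GET", "/_next/static/chunk.js"), ("DELETE", "/create")]:
        print(f"{method:6} {path:24} -> {matching_rules(method, base + path)}")
```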