Safari is sending 'Origin' in its headers, and therefor is denied by hapi, which makes the OPTIONS request to fail and return 404:

need to add 'Origin' to the allowed headers to fix the issue:
https://github.com/hapijs/hapi/blob/master/lib/defaults.js#L86