Downgrade CORS library to v1.7.0

[Neurostep]

Description

We use cors library to set up CORS handlers for our HTTP servers. In v1.8.0 introduced backwards-incompatible changes that potentially might break the clients. Thus, it might affect the existing behavior of the web-analytics-ingestion which explicitly checks for 200 status codes returned for pre-flight requests.

The spec doesn't tell us what HTTP status to use for prefight responses, but some clients indeed might rely on the 200 status code returned.

In order to avoid any potential problems with CORS, as a short-term solution, we downgrade the cors library to version v1.7.0. As a long-term solution, we raised a PR to the original cors library to provide a way to specify response code for pre-flight requests.

Checklist

• Prefixed the PR title with the JIRA ticket code
• Performed simple, atomic commits with good commit messages
• Verified that the commit history is linear and commits are squashed as necessary
• Thoroughly tested the changes in development and/or staging
• Updated the README.md as necessary

Related links

• Update preflight response status to http.StatusNoContent (204) rs/cors#101
• Option to specify preflight response status code rs/cors#121
• https://fetch.spec.whatwg.org/#cors-preflight-fetch
• https://bugzilla.mozilla.org/show_bug.cgi?id=845881
• https://expressjs.com/en/resources/middleware/cors.html

[fotos]

👍 LGTM 🚀

I see that the upstream PR got approved / merged already. 👏 👏 👏