restore cors header injection from #4171, run [npm travis]

[calebcartwright]

Do Not Merge (til after the next deploy)!

Restores the cors header injection updates originally made in #4171 that were temporarily reverted in #4253

Also ref #4227
Closes #3273

[shields-ci]

	Messages
📖	✨ Thanks for your contribution to Shields, @calebcartwright!

Generated by 🚫 dangerJS against 6f2f361

[joelgallant]

@calebcartwright what was the status of this?

[paulmelnikow]

Should we give this change another shot?

[calebcartwright]

@paulmelnikow, sure whenever is feasible for you from a deployment perspective

(and apologies @joelgallant I must have missed the notification from your message 😬)

[paulmelnikow]

Let's merge it and I'll deploy it tomorrow.

[paulmelnikow]

Given we're moving forward with Heroku, I think we should go ahead and merge this.

[calebcartwright]

Given we're moving forward with Heroku, I think we should go ahead and merge this

Are we all set in the new Heroku environment to measure the impact of this change to determine whether it was the cause of the perf issues we saw around the last time it was deployed?

[paulmelnikow]

Yea, we can keep an eye on the performance. And importantly, if we need more capacity, we can add it!

[calebcartwright]

Yea, we can keep an eye on the performance. And importantly, if we need more capacity, we can add it!

SGTM. I'll do a rebase and make any updates (guessing eslint related) to get CI passing again, and we can take it from there

[chris48s]

@calebcartwright - are you up for rebasing this to get the tests passing so we can try this out again? Hopefully its quite a small job..

[calebcartwright]

haven't forgotten about this. just need to find some time when I can merge and deploy this commit in isolation, and then watch the metrics for a while to see if it causes any spike

[calebcartwright]

Realize this has been sitting for ages. To recap, this was reverted (along with #4254) because of a potential correlation with a performance event observed in our old OVH environment. I've had it parked for a while for various reasons, including some trial comparison periods we've been running with different http client libs.

This should be much easier to deploy in our current Heroku world given how easily we can roll back

[calebcartwright]

Going to merge and deploy this now given that it can be done in isolation (production is currently in sync with the master branch). i'll keep an eye on this today/into the night US time, and check on it again in the morning local time.

As a recap this was reverted because of it being a potential cause of performance issues, so if issues are observed today/tomorrow we should be prepared to rollback prod in Heroku.