re-implement simple CORS middleware for blackd

[zsol]

Description

This PR removes Black's dependency on aiohttp-cors because it seems to be unmaintained and spewing DeprecationWarnings (due to the use of @coroutine decorators).

TODO

• Add a CHANGELOG entry
• Add tests
• Actually remove aiohttp-cors from setup.py
• Actually remove aiohttp-cors from Pipfile

[zsol]

mypy can't figure out the type of impl here unfortunately - it complains about returning an Any value instead of Middleware. @JelleZijlstra any ideas?

[JelleZijlstra]

What version of aiohttp are we using? On master (https://github.com/aio-libs/aiohttp/blob/master/aiohttp/web_middlewares.py#L34) it looks like the decorator does nothing.

[zsol]

Looks like 3.6 and above:

black/setup.py

Line 89 in d08f95a

"d": ["aiohttp>=3.6.0"],

We could update this, but I'd prefer doing it in a separate PR

[JelleZijlstra]

For what it's worth the decorator does do something on aiohttp 3.6: https://github.com/aio-libs/aiohttp/blob/3.6/aiohttp/web_middlewares.py#L34. I'm not sure why mypy turns the function into Any here though; the type annotations seem like they should work.

[ichard26]

I'm very concerned about the changes within Pipfile.lock. I suspect pipenv removed too much, eg. dataclasses. I have some experience (un)fortunately in this regard and I'll try to reduce the lockfile changes to avoid breakage.

[zsol]

You're right, dataclasses got downgraded to 0.6 accidentally, let me see if I can fix that

[zsol]

I gave up on trying to get pipenv to not revert the dataclasses version :)

[ichard26]

I wasn't able to get the cleanest Pipfile.lock diff ever but this should do for the time being (ignoring the dataclasses fiasco).

[ichard26]

This looks fine to me but the only knowledge of CORS I have comes from a quick read of the MDN documentation. I hope someone else with more web dev experience can pitch in.