An upgrade to a third-party component contained an unexpected additional header value. The header value was not accepted by our API servers leading to a CORS error.
One of our third-party javascript components introduced support for the baggage HTTP header. The header was not accepted by our cross-origin allowed headers policy and the Access Control headers were not returned to prevent potential security issues. Browsers rejected the API request from the UI due to the lack of Access Control headers.
The UI was inaccessible to all customers during this outage. API requests were still working and data was still ingested into the system (e.g. Payroll, ATS, and Equity.)