CORS Error with hosted Saas LearningLocker

[nudoru]

Possibly an error due to a misunderstanding on my end, but I cannot get it to send statements to a hosted Learning Locker LRS on their platform at their end point: http://saas.learninglocker.net/data/xAPI

Running from localhost or our web server will results in an error: Credentials flag is 'true', but the 'Access-Control-Allow-Credentials' header is ''. It must be 'true' to allow credentials.

Is there a known issue or fix for this?

[brianjmiller]

I'm not entirely clear on how the credentials flag is true since the library itself doesn't set it. (See https://github.com/RusticiSoftware/TinCanJS/issues/104 for discussion of how we'd go about adding the ability to make it true.) The library is tested against an LRS using CORS and that is not a header that has typically been set by the server side so it seems something is odd in the use of TinCanJS.

[nudoru]

Let me check with the Learning Locker team on this - maybe they know something. It's a sandbox they've set up for us to test on.

[nudoru]

They aren't quite sure what's up. I created a vanilla JS XMlHttpRequest with basic auth and not setting withCredentials and it's working. When I get time, I'll dig deeper in to the cause.