Thanks for the detailed explanations @SigmundGranaas. I realize that setting the access headers via Nginx is inconvenient. So I made a change to Tutor that gets rid of the automatic setting via Nginx: https://github.com/overhangio/tutor/commit/2f7742b099a98d5c9101bacfd9ce703a46e62433
This change is yet unpublished, but you can get it by running Tutor from the master branch.
So this is what you should do:
- Install Tutor from source, from the master branch
- Get rid of the
cors-lmspatch, which was in any case useless (I removed it in the gradebook app). - Add a “openedx-lms-production-settings” patch to your plugin:
CORS_ORIGIN_WHITELIST.append("{{ TFP_HOST }}")
This should add access header to your requests to the LMS. If it doesn’t, we’ll investigate further.
Notice the .append as well as the lack of scheme (“http/https”).