When using xhr transports, "cookie" may not already be in headers for preflight request.
If request needs cookies to be set/sent, that check will result in 'Access-Control-Allow-Credentials' not being set.
Also, at least in Chrome/Firefox, setting header to value of True will result in it not being detected properly and you'll get a Credentials flag is true, but Access-Control-Allow-Credentials is not "true" error. 'Access-Control-Allow-Credentials' needs to be set to 'true'
Credentials flag is true, but Access-Control-Allow-Credentials is not "true"
properly set header value, remove check for cookie