Correct config for cross-domain access to Open edX API

I want to give a React-based frontend application access to the Open edX API in Juniper. This works well with both being based on localhost, or the same domain, but I want to explore other use scenarios.

What I want is for the frontend application to communicate with the API, even if hosted on a different domain. E.g. frontend makes an API call from example2.com to the Open edX deployment on example.com.

I’ve found some pointers in the direction of configuring CORS and CSRF, but I assume I’d also need to configure some way of issuing JWT to the application? So, specifically, which configurations should be made in the lms/cms.env.json files and which need to be done on the Django Admin side?

Bump! Anyone? Seems odd that no-one has made this config?