Correct config for cross-domain access to Open edX API

I want to give a React-based frontend application access to the Open edX API in Juniper. This works well with both being based on localhost, or the same domain, but I want to explore other use scenarios.

What I want is for the frontend application to communicate with the API, even if hosted on a different domain. E.g. frontend makes an API call from to the Open edX deployment on

I’ve found some pointers in the direction of configuring CORS and CSRF, but I assume I’d also need to configure some way of issuing JWT to the application? So, specifically, which configurations should be made in the lms/cms.evn.json files and which need be done on the Django Admin side?

Bump! Anyone? Seems odd that no-one has made this config?

Hello Andreas,

Today I encountered a similar problem, and I struggled to find a solution on the documentation and forums.

I finally managed to fix it by enabling CORS in the /edx/etc/lms.yml config file. Specifically, I changed


I assume you can also whitelist your domain by modifying: