Tutorial | Open edX Nutmeg with Tutor 14 on Ubuntu 20 and disabling rate limiting step by step


I am new to Open edX and wanted to disable CORS (i.e. set CORS_ORIGIN_ALLOW_ALL to true) on my server to have smooth API access. I was not being able to access the APIs from Postman. Below are the logs for a request from postman which was getting errors :

lms_1                        | 2022-06-10 10:39:19,654 INFO 7 [tracking] [user 63] [ip] logger.py:41 - {"name": "/account/password", "context": {"user_id": 63, "path": "/account/password", "course_id": "", "org_id": "", "enterprise_uuid": ""}, "username": "apitestishan", "session": "14edc7bf2d30f64dc815fb969bc63f3e", "ip": "", "agent": "PostmanRuntime/7.29.0", "host": "subdomain.domain.com", "referer": "https://subdomain.domain.com", "accept_language": "", "event": "{\"GET\": {}, \"POST\": {\"email\": [\"ishansheth@test.io\"]}}", "time": "2022-06-10T10:39:19.653930+00:00", "event_type": "/account/password", "event_source": "server", "page": null}

lms_1                        | 2022-06-10 10:39:19,673 INFO 7 [openedx.core.djangoapps.cors_csrf.helpers] [user 63] [ip] helpers.py:64 - Origin 'https://subdomain.domain.com' was not in `CORS_ORIGIN_WHITELIST`; full referer was 'https://subdomain.domain.com' and requested host was 'subdomain.domain.com'; CORS_ORIGIN_ALLOW_ALL=False

lms_1                        | 2022-06-10 10:39:19,677 WARNING 7 [django.security.csrf] [user 63] [ip] log.py:224 - Forbidden (CSRF token missing or incorrect.): /account/password

caddy_1                      | {"level":"error","ts":1654857559.6865408,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"","proto":"HTTP/1.1","method":"POST","host":"subdomain.domain.com","uri":"/account/password","tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","proto_mutual":true,"server_name":"subdomain.domain.com"}},"user_id":"","duration":0.050697593,"size":1019,"status":403}

lms_1                        | [pid: 7|app: 0|req: 213/483] () {54 vars in 2687 bytes} [Fri Jun 10 10:39:19 2022] POST /account/password => generated 1019 bytes in 50 msecs (HTTP/1.1 403) 6 headers in 328 bytes (1 switches on core 0)

I looked around but solutions didn’t seem to work out, one of them did work out and then I wrote a post about it and published it with screenshots on my blog at

This post is focused on how to setup Open edX Nutmeg with Tutor 14 on Ubuntu 20. Hope it helps the community.