MST-334 Make sure the CSRF hooks are in INSTALLED_APPS on Studio (#24607)

cms/envs/common.py

@@ -1328,6 +1328,10 @@ INSTALLED_APPS = [
     # API access administration
     'openedx.core.djangoapps.api_admin',
 
+    # CORS and cross-domain CSRF
+    'corsheaders',
+    'openedx.core.djangoapps.cors_csrf',
+
     # History tables
     'simple_history',
 
@@ -1486,6 +1490,9 @@ INSTALLED_APPS = [
     'django_filters',
     'cms.djangoapps.api',
 
+    # edx-drf-extensions
+    'csrf.apps.CsrfAppConfig',  # Enables frontend apps to retrieve CSRF tokens.
+
     # Entitlements, used in openedx tests
     'entitlements',