From 38d1df33e2d8cdfba47092e76c0e9342beb7275f Mon Sep 17 00:00:00 2001
From: Simon Chen <schen@edx.org>
Date: Fri, 24 Jul 2020 17:04:46 -0400
Subject: [PATCH] MST-334 Make sure the CSRF hooks are in INSTALLED_APPS on
 Studio (#24607)

---
 cms/envs/common.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/cms/envs/common.py b/cms/envs/common.py
index 87c3a31aee..50f406e6e8 100644
--- a/cms/envs/common.py
+++ b/cms/envs/common.py
@@ -1328,6 +1328,10 @@ INSTALLED_APPS = [
     # API access administration
     'openedx.core.djangoapps.api_admin',
 
+    # CORS and cross-domain CSRF
+    'corsheaders',
+    'openedx.core.djangoapps.cors_csrf',
+
     # History tables
     'simple_history',
 
@@ -1486,6 +1490,9 @@ INSTALLED_APPS = [
     'django_filters',
     'cms.djangoapps.api',
 
+    # edx-drf-extensions
+    'csrf.apps.CsrfAppConfig',  # Enables frontend apps to retrieve CSRF tokens.
+
     # Entitlements, used in openedx tests
     'entitlements',