diff --git a/cms/envs/common.py b/cms/envs/common.py
index 8e538e8f56..4ded7a9cff 100644
--- a/cms/envs/common.py
+++ b/cms/envs/common.py
@@ -2503,6 +2503,8 @@ if FEATURES.get('ENABLE_CORS_HEADERS'):
     CORS_ALLOW_INSECURE = False
     CORS_ALLOW_HEADERS = corsheaders_default_headers + (
         'use-jwt-cookie',
+        'content-range',
+        'content-disposition',
     )
 
 LOGIN_REDIRECT_WHITELIST = []
diff --git a/cms/envs/devstack.py b/cms/envs/devstack.py
index 7deb16c7eb..74f5933822 100644
--- a/cms/envs/devstack.py
+++ b/cms/envs/devstack.py
@@ -258,6 +258,8 @@ CORS_ALLOW_CREDENTIALS = True
 CORS_ORIGIN_ALLOW_ALL = True
 CORS_ALLOW_HEADERS = corsheaders_default_headers + (
     'use-jwt-cookie',
+    'content-range',
+    'content-disposition',
 )
 
 ################### Special Exams (Proctoring) and Prereqs ###################
diff --git a/cms/envs/production.py b/cms/envs/production.py
index 262d0d4c46..fb396f9e3d 100644
--- a/cms/envs/production.py
+++ b/cms/envs/production.py
@@ -608,6 +608,8 @@ if FEATURES.get('ENABLE_CORS_HEADERS'):
     CORS_ALLOW_INSECURE = ENV_TOKENS.get('CORS_ALLOW_INSECURE', False)
     CORS_ALLOW_HEADERS = corsheaders_default_headers + (
         'use-jwt-cookie',
+        'content-range',
+        'content-disposition',
     )
 
 ################# Settings for brand logos. #################