From d08e93d42c26b4208cd9930953d4dffd07ea34c4 Mon Sep 17 00:00:00 2001
From: Kristin Aoki <42981026+KristinAoki@users.noreply.github.com>
Date: Tue, 12 Dec 2023 09:09:18 -0500
Subject: [PATCH] feat: update cors headers for cross domain request (#33898)

---
 cms/envs/common.py     | 2 ++
 cms/envs/devstack.py   | 2 ++
 cms/envs/production.py | 2 ++
 3 files changed, 6 insertions(+)

diff --git a/cms/envs/common.py b/cms/envs/common.py
index 8e538e8f56..4ded7a9cff 100644
--- a/cms/envs/common.py
+++ b/cms/envs/common.py
@@ -2503,6 +2503,8 @@ if FEATURES.get('ENABLE_CORS_HEADERS'):
     CORS_ALLOW_INSECURE = False
     CORS_ALLOW_HEADERS = corsheaders_default_headers + (
         'use-jwt-cookie',
+        'content-range',
+        'content-disposition',
     )
 
 LOGIN_REDIRECT_WHITELIST = []
diff --git a/cms/envs/devstack.py b/cms/envs/devstack.py
index 7deb16c7eb..74f5933822 100644
--- a/cms/envs/devstack.py
+++ b/cms/envs/devstack.py
@@ -258,6 +258,8 @@ CORS_ALLOW_CREDENTIALS = True
 CORS_ORIGIN_ALLOW_ALL = True
 CORS_ALLOW_HEADERS = corsheaders_default_headers + (
     'use-jwt-cookie',
+    'content-range',
+    'content-disposition',
 )
 
 ################### Special Exams (Proctoring) and Prereqs ###################
diff --git a/cms/envs/production.py b/cms/envs/production.py
index 262d0d4c46..fb396f9e3d 100644
--- a/cms/envs/production.py
+++ b/cms/envs/production.py
@@ -608,6 +608,8 @@ if FEATURES.get('ENABLE_CORS_HEADERS'):
     CORS_ALLOW_INSECURE = ENV_TOKENS.get('CORS_ALLOW_INSECURE', False)
     CORS_ALLOW_HEADERS = corsheaders_default_headers + (
         'use-jwt-cookie',
+        'content-range',
+        'content-disposition',
     )
 
 ################# Settings for brand logos. #################