Suggestions for solving the CORS & CSRF

Hi there,
First of all I’m not sure, but I strongly believe that, we getting CORS problem, due to differences between HOST and URLS.
I’m working to implement some MFE from Open edX, via plugins. I have been faced CORS header problem several times. In my opinion, if we can find solutions for rendering Api URLs, which is different from each other(see DISCOVERY_API_BASE_URL).I believe CORS problem will be solved.
It’s possible to EXPOSE to different PORTS with Plugins/Dockerfile, and Nginx, or .ENV files, but it’s mismatch to applications ORIGIN and URLs, I believe.

Here some examples from Frontend-app-publisher
We are using Tutor 14.0.0 with Nutmeg and we are using this repo

Please help me with cors and crsf

@qali @regis