Right! Your issue is different than this other conversation. You are having issues connecting to the Discovery service, not the LMS. That means that the Discovery service should be setting “Access-Control-Allow-Origin” headers. Thus, what you need is for your plugin to patch the tutor/production.py and tutor/development.py settings from the tutor-discovery plugin: you should add there CORS_ORIGIN_WHITELIST.append("{{ PUBLISHER_HOST }}"), or something similar.
Unfortunately for you, the discovery settings do not include any {{ patch(...) } }} statement. So we would need to add some there.
So I just did that 
The new plugin will be published as tutor-discovery v10.1.7 in a few minutes and comes with a few patch statements that will allow you to extend the CORS_ORIGIN_WHITELIST setting: https://github.com/overhangio/tutor-discovery/commit/2da983c45848476868db191906e7d83bccad6678