Whitelist application in Ansible Tower

I've built a web app for my company and am able to query data from the Ansible Tower api in Postman just fine with a token. But I'm getting a CORS error in my web app. The Ansible Tower docs say you need to whitelist the url of the application. I'm an admin on our Ansible Tower site but I can't seem to figure out where to add the whitelist. Can anyone point me in the right direction?

I tried setting it through Tower UI > Settings > Jobs > Extra Environment Variables. We had a JSON object in that field with proxy settings and it would only take JSON on save.

This is from the documentation:
"The best way to set up app integrations with Ansible Tower using the Authorization Code grant type is to whitelist the origins for those cross-site requests. More generally, you need to whitelist the service or application you are integrating with Tower, for which you want to provide access tokens. To do this, have your Administrator add this whitelist to their local Tower settings:

CORS_ORIGIN_REGEX_WHITELIST = [
r"http://django-oauth-toolkit.herokuapp.com",
r"http://www.example.com"
]

Where http://django-oauth-toolkit.herokuapp.com and http://www.example.com are applications needing tokens with which to access Tower."