Django’s CSRF protection is usually a great thing, but when building (API) endpoints meant to be accessed by scripts/third parties it gets in the way of that.
This is how to disable it:
For a class based view
from django.utils.decorators import method_decorator
from django.views.decorators.csrf import csrf_exempt
@method_decorator(csrf_exempt, name='dispatch')
class MyView(View):
pass
For a function based view
from django.views.decorators.csrf import csrf_exempt
@csrf_exempt
def my_view(request):
pass