Lifespark-Technologies / Infomed

Web portal that enables communication between hospitals and health authorities
MIT License

CSRF protection doesn't work #92

Open bl-nero opened 4 years ago

bl-nero commented 4 years ago

We have a CSRF module in Django, but it doesn't work, since I'm able to launch POST and DELETE requests without caring about CSRF tokens.

kaashmonee commented 4 years ago

@bl-nero I believe the CSRF settings have been set up to handle requests from the same server. Since the frontend and the backend are running on the same server, the Django server accepts requests coming from localhost. This setting has been defined here: https://github.com/Lifespark-Technologies/Infomed/blob/8a3326bec7afa37b309a66a57c770230a51589df/infomed/settings.py#L141.

Would this help resolve the issue?
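A way to check whether unsafe-method requests are actually being gated on a per-request token, as an added example that is not part of the Infomed project or of Django: a small model of the decision Django's `CsrfViewMiddleware` makes (safe methods exempt, `Origin` compared against a trusted set, then the `csrftoken` cookie compared against the submitted token). The `Request` class, `TRUSTED_ORIGINS` and the origin values are constructed for the example; token masking and the `Referer` fallback are omitted.

```python
import hmac
import secrets
from dataclasses import dataclass, field

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}
# Constructed placeholder for the deployment's own origin; Django reads this
# from the request host and CSRF_TRUSTED_ORIGINS, not from a literal.
TRUSTED_ORIGINS = {"https://infomed.example"}


@dataclass
class Request:
    """Minimal stand-in for an HTTP request as the middleware sees it."""
    method: str
    cookies: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def new_csrf_token() -> str:
    """Secret the server sets in the csrftoken cookie at session start."""
    return secrets.token_hex(32)


def csrf_check(req: Request) -> tuple[bool, str]:
    """Return (allowed, reason) for one request.

    The browser attaches the csrftoken cookie to cross-site requests too, so
    the cookie alone proves nothing; the request must also carry a copy of
    the token that only same-origin page code could have read.
    """
    if req.method.upper() in SAFE_METHODS:
        return True, "safe method, no CSRF check"
    origin = req.headers.get("Origin")
    if origin is not None and origin not in TRUSTED_ORIGINS:
        return False, f"untrusted Origin {origin}"
    cookie_token = req.cookies.get("csrftoken")
    if not cookie_token:
        return False, "csrftoken cookie not set"
    submitted = req.headers.get("X-CSRFToken") or req.form.get("csrfmiddlewaretoken")
    if not submitted:
        return False, "CSRF token missing from header and form"
    # Constant-time comparison so timing does not leak the token.
    if not hmac.compare_digest(cookie_token, submitted):
        return False, "CSRF token incorrect"
    return True, "token matches cookie"
```

A POST or DELETE that carries the session cookies but no `X-CSRFToken` header or `csrfmiddlewaretoken` field is what the middleware must reject; if such a request succeeds against a view, the check is being bypassed or the view is exempt.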