Due to Django's default security settings, users connecting to the JSON API over HTTPS URLs tend to get "CSRF token invalid" messages when trying to use the API with the current instructions. This PR adds a bit of text to explain the need to supply a Referer header for the token checks to succeed.
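A sketch of the behaviour described above, added here as an illustration and not taken from this PR or the project's code: `referer_check` is a simplified model of the Referer test Django applies to HTTPS requests that carry no Origin header (it ignores `CSRF_TRUSTED_ORIGINS` and port handling), and `build_api_request` shows a client setting the header. The host `example.invalid`, the path `/api/items/` and the token value are constructed; the `csrftoken` cookie and `X-CSRFToken` header are Django's default names.

```python
import json
from urllib.parse import urlsplit
from urllib.request import Request


def referer_check(is_secure, host, referer):
    """Simplified model (not Django's code) of the HTTPS-only Referer test.

    Returns None when the request passes, otherwise a short failure reason.
    """
    if not is_secure:
        return None  # plain-HTTP requests skip this check
    if not referer:
        return "no Referer"
    ref = urlsplit(referer)
    if ref.scheme != "https":
        return "insecure Referer"
    if ref.netloc != host:
        return "Referer does not match host"
    return None


def build_api_request(base_url, path, csrftoken, payload):
    """Build (without sending) a JSON POST that satisfies the check above."""
    base = base_url.rstrip("/")
    req = Request(base + path, data=json.dumps(payload).encode(), method="POST")
    req.add_header("Content-Type", "application/json")
    # Token goes in both the cookie and the header (Django's default names).
    req.add_header("Cookie", f"csrftoken={csrftoken}")
    req.add_header("X-CSRFToken", csrftoken)
    # The header an API client usually forgets: same scheme and host as the site.
    req.add_header("Referer", base + "/")
    return req


def check_request(req):
    """Run the simplified Referer test against a built request."""
    url = urlsplit(req.full_url)
    return referer_check(url.scheme == "https", url.netloc, req.get_header("Referer"))
```
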