zackmdavis / Finetooth

an experimental discussion forum
MIT License

improve CSRF protection #9

Closed zackmdavis closed 10 years ago

zackmdavis commented 10 years ago

We have a @csrf_exempt decorator on the tag and voting views, presumably because those are being submitted via Ajax and so protecting them isn't quite as trivial as including a {% csrf_token %} tag in a form. But it shouldn't be that hard to do (look up if there's some sort of best practice about this, but it's probably just using the {% csrf_token %} tag somewhere that you can jQuery-select it and send it along with the request).