Hi everyone, since it's my first post, first of all cheers for the platform. I managed to run a simple django app with very few headaches.
The app is at a very early stage, and offers only a couple of functionalities, none of which requires user log-in, thus I didn't set up any https certificate, nor a private domain, and it is running on myusername.pythonanywhere.com
My question is about CSRF. I did follow the ajax-set suggested by the most recent django documentation (https://docs.djangoproject.com/en/1.11/ref/csrf/#ajax), and it has worked correctly for a long time in my local env (that is, in my laptop and via 127.0.0.1:8000). In simpler words, every post request works fine there.
Now, the app is running fine also after deployment in this host, but I needed to revert many of the steps in the django "deployment checklist". Mainly I removed the CsrfViewMiddleware from my settings, and also set the related settings to False.
I would like to understand the source of the problem, and if all I need is to set up a https certificate when I'll upgrade the app to its full version.
Cheers!