Now I finally understand (more or less) what is going on. I did what might seem obvious, I looked in the browser if there actually is a cookie csrftoken on http://capsence.pythonanywhere.com/ and, yes there is. Then looking for info on Django and CSRF I found this comment on a forum: "Django now has Cross Site Request Forgery protection built in, and it is automatically enabled in new projects." I assumed all the time that taking it out of the settings file would disable it, well apparently it doesn't, you can not disable it.
So I added the token by copying the value of the cookie in a csrfmiddlewaretoken header and it seems to be working.
It does bring up some interesting questions.
1 On march 14 we tested our app over 10 times without a problem so a 200 and on march 17 without any change from our side we get a 403.
I understand from the documentation that a check is done on any POST httprequest so why 200 one day and 403 the next.
2 Since the site is public I assume that everybody who knows how developer tools work on a browser can just have a look at the csrftoken cookie value which seems quit strange.
3 and it does conflict with you answer a while back that is it our service that uses capsence on pythonanywhere and not pythonanywhere that causes the 403... it is capsence on pythonanywhere that causes the 403.
Or I just did not understand you correctly.
I thought I let you know,
37.48.78.102 - - [14/Mar/2015:15:27:00 +0000] "POST /rest/batch/ HTTP/1.1" 200 23576 "http://antsent.net/" "Httpful/0.2.17 (cURL/7.35.0 PHP/5.5.9-1ubuntu4.3 (Linux) Apache/2.4.7 (Ubuntu))" "37.48.78.102"
37.48.78.102 - - [14/Mar/2015:15:27:43 +0000] "POST /rest/batch/ HTTP/1.1" 200 5543 "http://antsent.net/" "Httpful/0.2.17 (cURL/7.35.0 PHP/5.5.9-1ubuntu4.3 (Linux) Apache/2.4.7 (Ubuntu))" "37.48.78.102"
37.48.78.102 - - [14/Mar/2015:16:10:26 +0000] "POST /rest/batch/ HTTP/1.1" 200 5549 "http://antsent.net/" "Httpful/0.2.17 (cURL/7.35.0 PHP/5.5.9-1ubuntu4.3 (Linux) Apache/2.4.7 (Ubuntu))" "37.48.78.102"
37.48.78.102 - - [14/Mar/2015:16:33:39 +0000] "POST /rest/batch/ HTTP/1.1" 200 5549 "http://antsent.net/" "Httpful/0.2.17 (cURL/7.35.0 PHP/5.5.9-1ubuntu4.3 (Linux) Apache/2.4.7 (Ubuntu))" "37.48.78.102"
37.48.78.102 - - [14/Mar/2015:16:34:46 +0000] "POST /rest/batch/ HTTP/1.1" 200 5543 "http://antsent.net/" "Httpful/0.2.17 (cURL/7.35.0 PHP/5.5.9-1ubuntu4.3 (Linux) Apache/2.4.7 (Ubuntu))" "37.48.78.102"
37.48.78.102 - - [14/Mar/2015:16:35:27 +0000] "POST /rest/batch/ HTTP/1.1" 200 5543 "http://antsent.net/" "Httpful/0.2.17 (cURL/7.35.0 PHP/5.5.9-1ubuntu4.3 (Linux) Apache/2.4.7 (Ubuntu))" "37.48.78.102"
37.48.78.102 - - [14/Mar/2015:16:40:45 +0000] "POST /rest/batch/ HTTP/1.1" 200 5543 "http://antsent.net/" "Httpful/0.2.17 (cURL/7.35.0 PHP/5.5.9-1ubuntu4.3 (Linux) Apache/2.4.7 (Ubuntu))" "37.48.78.102"
37.48.78.102 - - [14/Mar/2015:16:41:00 +0000] "POST /rest/batch/ HTTP/1.1" 200 5543 "http://antsent.net/" "Httpful/0.2.17 (cURL/7.35.0 PHP/5.5.9-1ubuntu4.3 (Linux) Apache/2.4.7 (Ubuntu))" "37.48.78.102"
37.48.78.102 - - [14/Mar/2015:17:08:48 +0000] "POST /rest/batch/ HTTP/1.1" 200 14758 "http://antsent.net/" "Httpful/0.2.17 (cURL/7.35.0 PHP/5.5.9-1ubuntu4.3 (Linux) Apache/2.4.7 (Ubuntu))" "37.48.78.102"
37.48.78.102 - - [14/Mar/2015:17:10:50 +0000] "POST /rest/batch/ HTTP/1.1" 200 14758 "http://antsent.net/" "Httpful/0.2.17 (cURL/7.35.0 PHP/5.5.9-1ubuntu4.3 (Linux) Apache/2.4.7 (Ubuntu))" "37.48.78.102"
37.48.78.102 - - [14/Mar/2015:17:12:54 +0000] "POST /rest/batch/ HTTP/1.1" 200 14758 "http://antsent.net/" "Httpful/0.2.17 (cURL/7.35.0 PHP/5.5.9-1ubuntu4.3 (Linux) Apache/2.4.7 (Ubuntu))" "37.48.78.102"
37.48.78.102 - - [14/Mar/2015:17:19:37 +0000] "POST /rest/batch/ HTTP/1.1" 200 14758 "http://antsent.net/" "Httpful/0.2.17 (cURL/7.35.0 PHP/5.5.9-1ubuntu4.3 (Linux) Apache/2.4.7 (Ubuntu))" "37.48.78.102"
37.48.78.102 - - [14/Mar/2015:17:38:32 +0000] "POST /rest/batch/ HTTP/1.1" 200 14758 "http://antsent.net/" "Httpful/0.2.17 (cURL/7.35.0 PHP/5.5.9-1ubuntu4.3 (Linux) Apache/2.4.7 (Ubuntu))" "37.48.78.102"
37.48.78.102 - - [17/Mar/2015:11:54:26 +0000] "POST /rest/batch/ HTTP/1.1" 403 1105 "http://antsent.net/" "Httpful/0.2.17 (cURL/7.35.0 PHP/5.5.9-1ubuntu4.3 (Linux) Apache/2.4.7 (Ubuntu))" "37.48.78.102"
37.48.78.102 - - [17/Mar/2015:11:54:35 +0000] "POST /rest/batch/ HTTP/1.1" 403 1105 "http://antsent.net/" "Httpful/0.2.17 (cURL/7.35.0 PHP/5.5.9-1ubuntu4.3 (Linux) Apache/2.4.7 (Ubuntu))" "37.48.78.102"