1👍
✅
Found solution based on other SO post, and the method is to add a hidden field with csrf_token like:
res = format_html('''
<form method="POST">
<input type="hidden" name="csrfmiddlewaretoken" value="{}" />
{}
</form>''', csrf(html_request)['csrf_token'], ...)
Source:stackexchange.com