2👍
You set CSRF_COOKIE_SECURE to True, which means your CSRF cookie will be HTTPS-only (i.e. your browser will only send the cookie over a HTTPS connection).
However, your site is served over HTTP (as evidenced by the fact that there are no SSL directives in your Apache configuration).
Either serve your site over HTTPS, or leave CSRF_COOKIE_SECURE to its default value (which is False).
Source:stackexchange.com