0👍
The CSRF middleware looks for the following COOKIE:
request.COOKIES[settings.CSRF_COOKIE_NAME]
And compare it to the POST csrfmiddlewaretoken.
So you have to make sure that the call to node sets the correct cookie name in:
'Cookie': 'csrftoken=' + data.csrf`
And also, that the POST includes a csrfmiddlewaretoken. It’s safe to access the COOKIE in javascript and send it as the correct token, just make sure you use CSRF_COOKIE_SECURE. The better way is usually to let django put the token as an input field, and set the cookie separately.
Source:stackexchange.com