If you have 'django.middleware.csrf.CsrfViewMiddleware' in MIDDLEWARE_CLASSES in your project settings.py, then CsrfViewMiddleware automatically validates the csrf_token. This is mentioned in the documentation also:
For all incoming requests that are not using HTTP GET, HEAD, OPTIONS
or TRACE, a CSRF cookie must be present, and the ‘csrfmiddlewaretoken’
field must be present and correct. If it isn’t, the user will get a
403 error. This check is done by CsrfViewMiddleware.
Source:stackexchange.com