1👍
✅
I think Django’s csrf exploit protection is at work. One work-around is to turn off the protection by decorating get_candidate_prices_and_xpaths with @csrf_exempt (i.e. add a line before this function with just ‘@csrf_exempt’ on it, and also earlier in your file ‘from django.views.decorators.csrf import csrf_exempt’). I had a similar problem with my API’s. The better solution is to embed the relevant fragment in your page’s template. The csrf Django feature is to avoid security exploits when browsing pages – the Django documentation explains more.
Source:stackexchange.com