3👍
✅
If you consider it to be safe, here’s how to specifically exempt a normal view from CSRF checking.
However, I’m assuming you’re talking about the contrib.auth views, then you may have to write your own custom version and apply the @csrf_exempt decorator instead of the one that enforces it (ie, copy, paste, change decorator on the method – it’s not as painful as it sounds).
Absolutely worst-case, sledgehammer-to-crack-nut solution: force-disable CSRF altogether, for all views, even django.contrib.* ones that try to enforce CSRF. Upside is you don’t have to hack/fork contrib modules; downside is – well – no CSRF…
Source:stackexchange.com