2👍
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.
Using a secret cookie

Remember that all cookies, even the secret ones, will be submitted with every request. All authentication tokens will be submitted regardless of whether or not the end-user was tricked into submitting the request. Furthermore, session identifiers are simply used by the application container to associate the request with a specific session object. The session identifier does not verify that the end-user intended to submit the request.
Only accepting POST requests

Applications can be developed to only accept POST requests for the execution of business logic. The misconception is that since the attacker cannot construct a malicious link, a CSRF attack cannot be executed. Unfortunately, this logic is incorrect. There are numerous methods in which an attacker can trick a victim into submitting a forged POST request, such as a simple form hosted on the attacker's website with hidden values. This form can be triggered automatically by JavaScript or can be triggered by the victim, who thinks the form will do something else.
Django sets the csrftoken cookie every time you request the server, and when you post data from the client to the server the submitted token is matched against that cookie. If it matches, no problem; if it does not match, it throws an error because it is a malicious request.

You can use the csrf_exempt decorator to disable CSRF protection for a particular view:

from django.views.decorators.csrf import csrf_exempt

then write @csrf_exempt before your view.
0👍
CSRF stands for: Cross Site Request Forgery

It is a very common kind of attack when it comes to web applications. So not only Django but most other frameworks, including Ruby on Rails, provide support to prevent this attack.

In Django it is done by sending “csrfmiddlewaretoken” as POST data. Django then matches the value of this token against the legitimate one. If it matches, the request passes; otherwise an error is raised.

The {% csrf_token %} template tag generates a hidden input field with the legitimate CSRF token value.

All the handling and exception raising is done in CsrfViewMiddleware.

You can find more info about this in the Django docs (pretty well explained): https://docs.djangoproject.com/en/1.6/ref/contrib/csrf/
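The following is an added illustration of the cookie-plus-token check that both answers describe (the csrftoken cookie, the csrfmiddlewaretoken field rendered by {% csrf_token %}, and the csrf_exempt escape hatch). It is not the answerers' code and not Django's CsrfViewMiddleware; the Request class, issue_csrf_cookie, csrf_check, same_site_post and cross_site_post are hypothetical names chosen for this example, and the sample requests are constructed inline. The real middleware additionally masks the token in the form field and checks the Origin/Referer header for HTTPS requests, which this simplified model omits.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Methods Django treats as "safe": they must not change state, so no token is required.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


@dataclass
class Request:
    """Constructed stand-in for an HTTP request (hypothetical; not Django's HttpRequest)."""
    method: str
    cookies: dict = field(default_factory=dict)   # what the browser attaches automatically
    post: dict = field(default_factory=dict)      # form fields from the request body
    headers: dict = field(default_factory=dict)   # e.g. X-CSRFToken for AJAX posts


def issue_csrf_cookie(request: Request) -> str:
    """Simulate the server setting the csrftoken cookie on a response.

    CsrfViewMiddleware does this for real; here we generate a random secret and
    pretend the browser stored it, so later requests from this browser carry it.
    """
    token = secrets.token_hex(32)
    request.cookies["csrftoken"] = token
    return token


def csrf_check(request: Request, view_exempt: bool = False) -> tuple:
    """Simplified model of the check CsrfViewMiddleware performs on each request.

    Returns (allowed, reason). view_exempt=True plays the role of @csrf_exempt.
    """
    if view_exempt:
        return True, "view is csrf_exempt; check skipped"
    if request.method in SAFE_METHODS:
        return True, "safe method; no token required"

    cookie_token = request.cookies.get("csrftoken")
    if not cookie_token:
        return False, "CSRF cookie not set"

    # Django accepts the token either as the csrfmiddlewaretoken form field
    # (rendered by {% csrf_token %}) or in the X-CSRFToken request header.
    submitted = request.post.get("csrfmiddlewaretoken") or request.headers.get("X-CSRFToken")
    if not submitted:
        return False, "CSRF token missing"

    # Constant-time comparison, so response timing does not leak how many characters matched.
    if not hmac.compare_digest(cookie_token.encode(), submitted.encode()):
        return False, "CSRF token incorrect"
    return True, "token matches cookie"


def same_site_post(token: str) -> Request:
    """A form rendered by the site itself: the hidden field carries the token
    and the browser attaches the matching cookie."""
    return Request("POST",
                   cookies={"csrftoken": token},
                   post={"csrfmiddlewaretoken": token, "amount": "100"})


def cross_site_post(token: str) -> Request:
    """A form served from another origin (the secret-cookie case quoted above):
    the browser still attaches the cookie, but that origin cannot read it,
    so the hidden csrfmiddlewaretoken field is absent."""
    return Request("POST",
                   cookies={"csrftoken": token},
                   post={"amount": "100"})


if __name__ == "__main__":
    browser = Request("GET")
    token = issue_csrf_cookie(browser)          # first visit: cookie is set
    for label, req in [("same-site form", same_site_post(token)),
                       ("cross-site form", cross_site_post(token))]:
        print(f"{label}: {csrf_check(req)}")
    print("cross-site form to a csrf_exempt view:",
          csrf_check(cross_site_post(token), view_exempt=True))
```

The cross-site case is the one the "secret cookie" section warns about: the cookie arrives, so session-based checks pass, and only the missing form token distinguishes the request. That is also why csrf_exempt should be applied only to views that genuinely cannot carry the token (for example, webhooks authenticated by some other means), since the exempt path accepts the cross-site request unchanged.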