Adequate CSRF protection for browser extensions POSTing to Django View

I have been developing a browser extension to complement my Django Application. The extension leverages HTMX, which loads pages fine from the application. POSTing data, however, causes grief, as the HTTP Origin header that is sent along with the browser extension request is unique to each individual install of the browser extension. I.e. Django would see requests from the browser extension from two different users as coming from two distinct Origins: moz-extension://aaaaaaaaa and moz-extension://bbbbbbbbb.

The trouble here is the CSRF protection validates the origin against the CSRF_TRUSTED_ORIGINS list in the settings, as well as the token itself. Naturally I’ve looked for some sort of wildcard (e.g. like for subdomains which is an option) to allow extension requests, but I’ve fallen short.

I would rather not add the @csrf_exempt decorator to the views (one of which inherits from the auth_views.LoginView which can’t be easily exempted).

I am curious if anyone has dealt with anything similar and welcome any and all suggestions that might help me to keep CSRF protection for these views, or perhaps some other alternative I’ve not thought of.

edit: Additional context - None of the application is using DRF