I’m building an app using Django on the backend and Angular on the frontend and am configuring CSRF. I have gone the route of configuring Angular to use Django’s cookie name & header, i.e. cookie name “csrftoken” and header “X-CSRFTOKEN”.
I am not seeing the CSRF cookie being set on the initial fetch of the app, which is processed by this view (sorry for the bad formatting):
def index(request):
return HttpResponseRedirect(“/static/app/app-frontend/browser/index.html”)
I do see the csrftoken cookie being set by views that call render(). Is this expected? Thanks in advance.