Whenever I worked with forms in previous versions of Django, I never had to use @ensure_csrf_cookie to make it work. Usually if it’s a POST form, I just add {% csrf_token %} inside the form, or if it’s through javascript I follow this method
I created a new Django3.0.8 project using Python3.8 and it seems without using @ensure_csrf_cookie the ‘csrftoken’ cookie never gets set in the browser. Is this how csrf works in Django3 or is it a bug? How do I make it so that csrftoken gets set on all the views?