How does Django set CSRF Cookie?

When testing setting/reading cookies via JavaScript, I see Django sets a csrftoken cookie. There is no javascript on the page that sets the cookie, and I checked the Response Headers and can’t see a Set-Cookie header.

I can see a request csrftoken header cookie, but not in the response.

Looking at the auth login in code, I traced the code to setting cookies to:
However that code appears to be setting a dict, that something else consumes, so I don’t know how to trace it from there.

So how does Django set a cookie successfully that is maintained between reloads and different pages?

It looks like that dict is converted into the tuples in django.core.handlers.wsgi.WSGIHandler, specifically in the __call__ method.