Is CORS an issue here? Are you loading JavaScript from a different site that needs to make requests to your site?
Regarding the CSRF_TRUSTED_ORIGINS, it is needed. (I made a mistake, there is no CSRF_ALLOWED_ORIGINS.)
It will also be helpful if you show how you’re doing the post to Django. Is it a form being posted or some type of AJAX call?