Check if you are using Django 4.0. I was using 3.2 and had this break for the upgrade to 4.0.
If you are on 4.0, this was my fix. Add this line to your settings.py. This was not required when I was using 3.2 and now I can’t POST a form containing a CSRF without it.
CSRF_TRUSTED_ORIGINS = ['https://*.mydomain.com','https://*.127.0.0.1']
Review this line for any changes needed, for example if you need to swap out https for http.
Root cause is the addition of origin header checking in 4.0.
https://docs.djangoproject.com/en/4.0/ref/settings/#csrf-trusted-origins
Changed in Django 4.0:
Origin header checking isn’t performed in older versions.