
How should I handle ajax/jquery POSTS with django's CSRF, assuming nobody has cookies enabled?


Django requires it so ajax posts to the server require CSRF protection. But CSRF requires cookies to be enabled or django will 404 the request. Assuming that nobody has cookies enabled, how should I handle my ajax posts? I don't want to use the @exempt_csrf decorator for security issues.

(Not sure if CSRF protection is even needed for what I'm doing; the ajax requests are just for upvoting and downvoting posts, like on this website.)

Thank you guys!


Solution

  • Django's in-built CSRF protection will not work without cookies. https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#how-it-works

    You need to roll your own CSRF protection for these views, if you decide it is required. Or use something like https://github.com/mozilla/django-session-csrf (per Abid A's answer, the session framework requires cookies, so this won't help in your case.)