I'm using Django Rest Framework with JWT as the authentication mechanism. As far as I've understood, using JWT authentication makes the CSRF-token check unnecessary as long as the token is not stored in a cookie.
However, checking the django-rest-framework-jwt code and the Django CsrfViewMiddleware, I don't understand which part of the code turns off the CSRF-token check for JWT-based authentication.
Does somebody know and can point to the relevant parts of the code?
CSRF exemption happens in APIView.as_view provided by Django REST Framework.
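The mechanism the answer points to, as an added example that is not part of the original answer and is not Django or DRF source: a dependency-free Python model in which as_view marks the view csrf_exempt so the middleware skips it, and only the session authenticator re-applies the check. Function bodies, request dicts and token strings are constructed for illustration.

```python
# Simplified, dependency-free model (not Django/DRF source). Names mirror the
# real ones; request dicts and token strings are constructed sample values.
SAFE_METHODS = ("GET", "HEAD", "OPTIONS", "TRACE")

class PermissionDenied(Exception):
    pass

def csrf_check(request):
    """Stand-in for the cookie/header token comparison Django performs."""
    if request["method"] in SAFE_METHODS:
        return
    cookie = request["cookies"].get("csrftoken")
    if not cookie or request["headers"].get("X-CSRFToken") != cookie:
        raise PermissionDenied("CSRF Failed")

def csrf_exempt(view):
    """Like Django's csrf_exempt decorator: it only sets a marker attribute."""
    def wrapped(request):
        return view(request)
    wrapped.csrf_exempt = True
    return wrapped

def csrf_middleware(view, request):
    """Like CsrfViewMiddleware.process_view: marked views skip the check."""
    if not getattr(view, "csrf_exempt", False):
        csrf_check(request)
    return view(request)

def session_authentication(request):
    """Like DRF's SessionAuthentication: re-runs the CSRF check itself."""
    user = request["cookies"].get("sessionid")
    if user:
        csrf_check(request)  # DRF calls this step enforce_csrf()
    return user

def jwt_authentication(request):
    """Header-based token: no CSRF check (signature verification omitted)."""
    scheme, _, token = request["headers"].get("Authorization", "").partition(" ")
    return token if scheme == "Bearer" and token else None

def api_view_as_view(authenticators):
    """Like APIView.as_view: build the view, then return csrf_exempt(view)."""
    def view(request):
        for authenticate in authenticators:
            user = authenticate(request)
            if user:
                return 200, user
        return 401, None
    return csrf_exempt(view)
```

In this model a POST carrying only an Authorization header passes the middleware untouched, while a POST that authenticates through the session cookie is still rejected unless the CSRF cookie and header match.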