csrf cookie not set on linux
I know this question is quite popular, before asking it, I researched all the previous questions and their answers, but never found a solution for myself.
My problem is that I am trying to remove the csrftoken validation completely in my application. I understand the vulnerabilities that open up in this case, but this is not critical for me. During development, no errors occur on my computer due to csrftoken. I develop on windows, but when I run it on apache linux, this error appears, only when I am editing an already existing post (no problem when creating a new post). It’s hard for me to imagine the reason why this happens only on an apache linux server. I transfer using docker.
I decided to remove csrftoken from my application for the same reason: on the windows computer on which I developed the application, no errors occurred with csrftoken enabled, but when transferred to an apache linux server, forms using data transfer using js files also gave an error 403.
Settings
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    # 'django.middleware.csrf.CsrfViewMiddleware',
]
CSRF_COOKIE_SECURE = False
CSRF_COOKIE_HTTPONLY = False
I removed in js files csrf_token
{# {% csrf_token %}#}
I removed in js files headers
// headers: {'X-CSRFToken': document.querySelector('[name=csrfmiddlewaretoken]').value},
I added in form attribute action=""
<form class="js-edit-event-form" action="">
I already cleared the cookie in my browser, used a different browser, but the error still persists.
I specifically made a mistake in the program in order for django to generate a report. As a result I found the following information on the apache linux server (a distinctive feature is that this information is not available on the local machine on which I develop the project, on windows):
CSRF_COOKIE = 'ijijj34j24345678x6gfddsfvgnkjnhkhkhfd6'
CSRF_COOKIE_USED = True
I tried passing the specified CSRF_COOKIE_USED setting in the settings.py file:
CSRF_COOKIE_USED = False
but this did not lead to the desired result.
I tried adding a decorator but it didn't work:
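from django.shortcuts import render
from django.views.decorators.csrf import csrf_exempt
from django.views.generic import CreateView

class EventCard(CreateView):
    template_name = 'main/event_card.html'

    @csrf_exempt
    def get(self, request, Id_Events=None, *args, **kwargs):
        return render(request, self.template_name)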
Solution 1:[1]
My mistake was that when the session is enabled, the csrf token is implicitly added, even when it is disabled everywhere.
I used the following answer to solve the problem at hand: How to disable Django's CSRF validation?
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | Denis |