Django is rejecting the Square SDK example card.html form submission because of a missing CSRF token. I’ve tried including it in the body of the POST but it’s still getting rejected.
Python’s Django framework requires CSRF middleware tokens on all POST requests as a security standard. It’s considered good practice to always require one even in js/jquery submits.
I added the @csrf_exempt decorator to the receiving View function to override the default behaviour. I mean, if you’re absolutely sure it’s not required/good practice then I’ll just leave it but it seems odd that the only POST in my project without a CSRF token is credit card submit of all things!
That said, you guys are the experts and there are tokens built into the process so I’ll go with what you recommend.