How does one ignore CSRF tokens sent to Django REST Framework?
It sounds like you have SessionAuthentication
enabled, which is the part of Django REST Framework that enforces CSRF for cookie-based authentication. Since you are using JWT, and you mentioned that all pages use JWT for authentication, you should be able to just remove SessionAuthentication
from your list of default authentication classes.
If you actually need it, you can just move it to the bottom of the default classes. Because it is detecting the authentication cookies, and authentication was successful, SessionAuthentication
will fail before JWT is checked.