Ajax, CSRF and DELETE
This appears to be a jQuery bug, caused by some confusion as to whether DELETE data should be attached to the URL (like a GET request) or the request body (like a POST)
See this bug report.
You can probably get around this by using the alternative CSRF method for AJAX calls, setting an X-CSRFToken
header on the request. Try changing your AJAX call to look like this:
$.ajax({ type: "DELETE", url: url, beforeSend: function(xhr) { xhr.setRequestHeader("X-CSRFToken", getCookie("csrftoken")); }, success: function() { ... },});