Include CSRF cookie with first GET request

arches_lingo/settings.py

@@ -301,7 +301,7 @@
 NOCAPTCHA = True
 # RECAPTCHA_PROXY = 'http://127.0.0.1:8000'
 if DEBUG is True:
-    SILENCED_SYSTEM_CHECKS = ["captcha.recaptcha_test_key_error"]
+    SILENCED_SYSTEM_CHECKS += ["captcha.recaptcha_test_key_error"]
 
 
 # EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'  #<-- Only need to uncomment this for testing without an actual email server

arches_lingo/src/arches_lingo/api.ts

@@ -12,7 +12,6 @@ function getToken() {
 export const login = async (username: string, password: string) => {
     const response = await fetch(arches.urls.api_login, {
         method: "POST",
-        credentials: "include",
         headers: { "X-CSRFTOKEN": getToken() },
         body: JSON.stringify({ username, password }),
     });
@@ -30,7 +29,6 @@ export const login = async (username: string, password: string) => {
 export const logout = async () => {
     const response = await fetch(arches.urls.api_logout, {
         method: "POST",
-        credentials: "include",
         headers: { "X-CSRFTOKEN": getToken() },
     });
     if (response.ok) {

arches_lingo/views.py

@@ -6,6 +6,7 @@
 from django.shortcuts import render
 from django.utils.translation import gettext_lazy as _
 from django.utils.decorators import method_decorator
+from django.views.decorators.csrf import ensure_csrf_cookie
 from django.views.generic import View
 
 from arches.app.models.models import (
@@ -204,6 +205,7 @@ def get(self, request):
 
 
 class LingoRootView(BaseManagerView):
+    @method_decorator(ensure_csrf_cookie)
     def get(self, request, graphid=None, resourceid=None):
         context = self.get_context_data(main_script="views/root")
         context["page_title"] = _("Lingo")