Many thanks, Tom - you are, of course, quite right. Adding session auth had triggered another subtle bug in some of my middleware, which meant that the CSRF wasn't getting through.
But it was very useful to be told that it *should* be working! All happy now.

Ta lots,
Quentin
