Disaled CSRF for GQL endpoint, which uses JWT anyway.

am/am/urls.py

@@ -12,6 +12,7 @@
 from django.conf.urls.static import static
 from django.conf.urls import handler404, handler500
 from django.conf import settings
+from django.views.decorators.csrf import csrf_exempt
 
 from graphene_django.views import GraphQLView
 
@@ -20,7 +21,7 @@
 urlpatterns = [
                   url(r'^admin/', admin.site.urls),
                   url(r'^$', HomePageView.as_view()),
-                  url(r'^graphql', GraphQLView.as_view(graphiql=True)),
+                  url(r'^graphql', csrf_exempt(GraphQLView.as_view(graphiql=True))),
                   url(r'^bills/$', BillsHomeView.as_view()),
                   url(r'^people/$', PeopleHomeView.as_view()),
                   url(r'^bills/(?P<id>[\w-]+)/$', BillDetailView.as_view(), name='bill'),