{# Django's CSRF middleware does strict Referer checking on HTTPS and hard- rejects same-origin POSTs (like the login form) that arrive with NO Referer header. Some browsers/privacy settings strip it by default, causing intermittent 403s. Forcing same-origin guarantees the Referer is sent for our own POSTs while still not leaking it cross-site. #}
Track every location's signage project — from site survey to install.
This is a working demo with synthetic data.