Django rest framework giving a 403 forbidden “CSRF token missing or incorrect.” when sending through a post request using Angular only when user is logged in.

[Marcus Grass]

Hi, I'm trying to make a post request from a logged in user through a view processed with Angular 6, with no Django template logic, and getting a 403 forbidden response. 

Im using Django 2.0.3, DRF 3.8.3, and Angular 6 to make the request. A more thorough description of the problem can be found in my Stack Overflow post here but in short

I am getting the cookie right in my Angular app, as shown in the browser console here: 

And it's being sent with the post request as is shown here: 

I've also tried to extract the 'csrftoken' value from the cookie and included it with my post request as 'csrfmiddlewaretoken':token. 

Neither has worked.

I have set CSRF_USE_SESSIONS = False in my settings.py, and my default auth method with DRF is sessionauthentication.

Anyone have any clues what might be going wrong here?