Forbidden (CSRF cookie not set.) Django

Question

I'm trying to do an endpoint API. And for that, i'm using django.

My url in urls.py is:

path('tutorials/', tutorial_list_test.as_view()),

and my views.py is like

class tutorial_list_test(GuestOnlyView, FormView):
    print("test");
    @api_view(['GET', 'POST', 'DELETE'])
    def tutorial_list(self):
        request = self.request;
        if request.method == 'POST':
            alldata=request.POST
            username = alldata.get("username", "0")
            print("POST name: " + username)
            return Response('The tutorial does not exist', status=status.HTTP_404_NOT_FOUND) 

But when i'm doing a request, i have everytime the same error " Forbidden (CSRF cookie not set.): /accounts/tutorials/ "

So I did some research, and I could see several proposed solutions. The first was to use csrf_exempt but it's not working for me:

path('tutorials/', csrf_exempt(tutorial_list_test.as_view())),

And it's the same for all the methods I used. Even if I remove this line from my settings.py, nothing changes

  #  django.middleware.csrf.CsrfViewMiddleware',

To test, I use Postman, but even using my angular front end, it does the same.

const formData = new FormData()
formData.append('username', this.username_signup);

this.http.post('http://127.0.0.1:8000/accounts/tutorials/', formData)
.map((data: Response) => {
  if (data !== null) {
    console.log(JSON.stringify(data));
  };
}).subscribe(response => console.log(response))

I would like to know if you have any idea how I can do this.

Because I need to be able to access my Models, so not using a class and directly making a def is not an option, even if it works.

(I tried, effectively my requests pass, if I remove the class and my route is only linked to my def tutorial_list). Thank you.

Answer 1

from django.views.decorators.csrf import csrf_exempt

@csrf_exempt
@api_view(['GET', 'POST', 'DELETE'])
    def tutorial_list(self):
        # code