diff --git a/config/settings/production.py b/config/settings/production.py
index 0701204..662ad78 100644
--- a/config/settings/production.py
+++ b/config/settings/production.py
@@ -41,7 +41,8 @@
 SESSION_COOKIE_SECURE = True
 SESSION_COOKIE_HTTPONLY = True
 #SECURE_SSL_REDIRECT = env.bool('DJANGO_SECURE_SSL_REDIRECT', default=True)
 CSRF_COOKIE_SECURE = True
-CSRF_COOKIE_HTTPONLY = True
+#disabledd so csrf works with ajax
+CSRF_COOKIE_HTTPONLY = False
 X_FRAME_OPTIONS = 'DENY'
 # SITE CONFIGURATION
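Review bot: The added comment `#disabledd so csrf works with ajax` above `CSRF_COOKIE_HTTPONLY = False` is misspelled and does not record the trade-off a later maintainer needs to see when auditing the production hardening settings. Turning HttpOnly off on the CSRF cookie is the documented Django route for letting front-end JavaScript read `csrftoken` to send it in an `X-CSRFToken` header, and Django itself notes the flag adds little practical CSRF protection, so the change is defensible but should say so explicitly. If the AJAX callers (not visible here) can read the token from the `{% csrf_token %}` hidden input or a value rendered into the page instead, the setting can stay `True`; that is worth confirming before merging. I would replace the comment with `# HttpOnly disabled so JS can read the csrftoken cookie for the X-CSRFToken header on AJAX requests; keep True if the token is taken from the {% csrf_token %} hidden input instead.`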