disable http csrf cookie param so it can be sent via ajax

config/settings/stage.py

@@ -41,7 +41,8 @@ SESSION_COOKIE_SECURE = True
 SESSION_COOKIE_HTTPONLY = True
 #SECURE_SSL_REDIRECT = env.bool('DJANGO_SECURE_SSL_REDIRECT', default=True)
 CSRF_COOKIE_SECURE = True
-CSRF_COOKIE_HTTPONLY = True
+#disabledd so csrf works with ajax
+CSRF_COOKIE_HTTPONLY = False
 X_FRAME_OPTIONS = 'DENY'
 
 # SITE CONFIGURATION