Sorry, I’m neither familiar with this, nor understand django to make a guess. I hope other folks with experience can help point you to the right direction.
Print the CSRF token on your page into hidden input with Django and then set the header.
setRequestHeader(“X-CSRFToken”, csrftoken from the hidden input);
I believe this will work for you
In your after-request responses you can set a header for CSRF Tokens for Aurelia to extract it… Or you can set a cookie instead of a header to extract it from Aurelia.