To use CSRF protection:

1. In settings.py, ensure that MIDDLEWARE_CLASSES includes 'django.middleware.csrf.CsrfViewMiddleware' but not 'django.middleware.csrf.CsrfResponseMiddleware'.

2. Ensure that every GET request is side-effect free (the middleware only checks POST and other unsafe methods, so a state-changing GET is unprotected).

3. In every form with method POST and an *internal* action, add the following template tag immediately after the form tag: {% csrf_token %}

4. In views.py, add the following line: from django.template import RequestContext

5. In every view in views.py that renders a template containing a form with a csrf token (step 3 above), modify every call to render_to_response by adding an additional argument as follows: return render_to_response(template, context, context_instance=RequestContext(request))

6. In some cases, it is necessary to use the less secure legacy method. That is, include both 'django.middleware.csrf.CsrfViewMiddleware' and 'django.middleware.csrf.CsrfResponseMiddleware' in MIDDLEWARE_CLASSES, and ignore the remaining instructions.

7. To omit CSRF protection completely, omit both middleware classes and ignore all the remaining instructions.
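Added here as an illustration, not Django's own code: a simplified Python model of the check that CsrfViewMiddleware performs and of what {% csrf_token %} renders with and without a RequestContext, so the steps above can be traced end to end. The function names, the dict-based request representation, the constant-time comparison and the sample tokens are assumptions made for this example.

```python
# Added example: simplified model of Django's CSRF check, not the real middleware.
import hmac
import secrets

SAFE_METHODS = ("GET", "HEAD", "OPTIONS", "TRACE")
COOKIE_NAME = "csrftoken"           # cookie CsrfViewMiddleware sets on responses
FORM_FIELD = "csrfmiddlewaretoken"  # hidden field that {% csrf_token %} renders


def new_token():
    """Fresh random token, standing in for the one the middleware issues."""
    return secrets.token_hex(16)


def csrf_token_tag(context):
    """Model of {% csrf_token %}: RequestContext supplies 'csrf_token' (step 5);
    with a plain dict context the tag renders nothing and the form will fail."""
    token = context.get("csrf_token")
    if not token:
        return ""
    return '<input type="hidden" name="%s" value="%s" />' % (FORM_FIELD, token)


def check_request(method, cookies, post_data):
    """Return (allowed, reason). Safe methods are never checked, which is why
    step 2 matters; unsafe methods must carry a form token equal to the cookie."""
    if method in SAFE_METHODS:
        return True, "safe method, not checked"
    cookie_token = cookies.get(COOKIE_NAME)
    form_token = post_data.get(FORM_FIELD)
    if not cookie_token:
        return False, "403: no CSRF cookie"
    if not form_token:
        return False, "403: no CSRF token in POST data"
    if not hmac.compare_digest(cookie_token, form_token):  # constant-time compare (assumption)
        return False, "403: CSRF token mismatch"
    return True, "token verified"


def demo():
    """The cases a developer hits while following steps 1 to 5; constructed data."""
    token = new_token()
    r = {}
    r["plain_context_tag"] = csrf_token_tag({"title": "Edit"})      # step 5 skipped
    r["request_context_tag"] = csrf_token_tag({"title": "Edit", "csrf_token": token})
    r["post_missing"] = check_request("POST", {COOKIE_NAME: token}, {})
    r["post_ok"] = check_request("POST", {COOKIE_NAME: token}, {FORM_FIELD: token})
    r["post_other_site"] = check_request("POST", {COOKIE_NAME: token}, {FORM_FIELD: new_token()})
    r["get_unchecked"] = check_request("GET", {}, {})
    return r
```

The "post_other_site" case models a form submitted from another origin: it cannot read the victim's cookie, so the hidden field can never match and the request is refused.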