Django 休息框架 CSRF_TRUSTED_ORIGINS 设置不起作用

我正在设置

CSRF_TRUSTED_ORIGINS

以确保，当我从

localhost

发送请求时，它不应该验证它。

setting.py

...
...
CSRF_TRUSTED_ORIGINS = [
    ...
    'http://localhost',
    'https://localhost',
    'http://127.0.0.1',
    'https://127.0.0.1',
    ...
]
...
...

当我发送请求时，它给我错误。

curl -k --cert ~/.ssh/cert --key ~/.ssh/key https://localhost/api/v1/key/key/review/ -X PUT -H "Content-type: application/json" -H "Accept: application/json" -d '{"state": "APPROVED"}' --referer https://localhost

{"detail":"CSRF Failed: Referer checking failed - https://localhost does not match any trusted origins."}

我看到本地主机在

CSRF_TRUSTED_ORIGINS

但它仍然抱怨这个。

如何设置不检查

CSRF

的东西？