Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf) or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. This is commonly exploited through forms, hence the need for Django to enforce it in the construction structure. In simple terms, they are helping you to pay attention to security from the word go when working with Django.
Check out this link: https://en.wikipedia.org/wiki/Cross-site_request_forgery
When we send a GET request to a server for a page that contains a form, and we have csrf_token there, the server sends a CSRF token (a random string) with the form. Then, when we submit that form with the POST request method, the server checks that string (the CSRF token) to ensure that this is the same form sent by the server.
It prevents a random user from sending a POST request. It ensures integrity.
Though, it is not necessary to use a CSRF token with a form. It is only necessary with the POST method. If you use a GET request, a CSRF token is not required.
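
The token round trip described in the answers above, as an added example that is not part of the original posts and is not Django's own code: a toy server issues a random token with the form on GET and checks it on POST. `TinyApp`, `extract_token` and `demo` are hypothetical names, and the session ids are constructed; only the hidden field name `csrfmiddlewaretoken` follows what Django's `{% csrf_token %}` tag renders.

```python
import hmac
import secrets

# Methods that are not CSRF-checked (read-only requests)
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


class TinyApp:
    """Toy server (hypothetical) that keeps one CSRF token per session."""

    def __init__(self):
        self.tokens = {}  # session id -> token issued with the form

    def handle(self, method, session_id, form=None):
        """Return (status, body) for a request to the form view."""
        form = form or {}
        if method in SAFE_METHODS:
            # GET: issue a random token and embed it as a hidden form field
            token = self.tokens.setdefault(session_id, secrets.token_urlsafe(32))
            html = (
                '<form method="post">'
                f'<input type="hidden" name="csrfmiddlewaretoken" value="{token}">'
                '<input name="amount"></form>'
            )
            return 200, html
        # POST: the submitted token must match the one issued to this session
        expected = self.tokens.get(session_id)
        submitted = form.get("csrfmiddlewaretoken", "")
        if expected is None or not hmac.compare_digest(
            expected.encode(), submitted.encode()  # constant-time comparison
        ):
            return 403, "CSRF verification failed"
        return 200, f"transferred {form.get('amount')}"


def extract_token(html):
    """Pull the hidden token value out of the rendered form."""
    marker = 'name="csrfmiddlewaretoken" value="'
    start = html.index(marker) + len(marker)
    return html[start:html.index('"', start)]


def demo():
    app = TinyApp()
    _, page = app.handle("GET", "session-A")  # the user loads the form
    good = {"csrfmiddlewaretoken": extract_token(page), "amount": "10"}
    legit = app.handle("POST", "session-A", good)
    # A POST from another site rides the session but cannot read the token
    forged = app.handle("POST", "session-A", {"amount": "9999"})
    return legit, forged
```
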