i know it’s two years later, but the CSRF can be solved with CSRF_TRUSTED_ORIGINS = ['https://your.domain.here/'] in conf/seahub_settings.py file. Just putting it here for anyone else that comes across this. DO note that there’s no trailing / on the end of the domain.