Obtendo um CSRF 403. As instruções console.log abaixo confirmam que estou pegando o token. Estou enviando a solicitação para o mesmo domínio no meu servidor local.

  internal.csrfToken = $.cookie('csrftoken');

  internal.csrfSafeMethod = function(method) {
    // these HTTP methods do not require CSRF protection
    return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
    };

  $.ajaxSetup({
    crossDomain: false, // obviates need for sameOrigin test
    beforeSend: function(xhr, settings) {
      console.log("ajaxSetup");
      console.log(internal.csrfToken);
      if (!internal.csrfSafeMethod(settings.type)) {
        console.log("Settings type");
        xhr.setRequestHeader("X-CSRFToken", internal.csrftoken);
      }
    }
  });

  external.submitPayment = function (app_id, charge_now_amount, stripe_plan_id) {
    // Submit a payment to the server and handle any errors.

    $.ajax({
      url: URLS.postPayment,
      type: 'POST',
      data: {
        'app_id': STRIPE_CONFIG.app.id,
        'amount': charge_now_amount,
        'stripe_plan_id': stripe_plan_id
      },
      dataType: 'json',
      success: function(response) {
        alert("Success!");
      },
      error: function(jqXHR, textStatus, errorThrown ) {
        alert("Error!");
      }
    });

  };