Add to basket api returns 403 forbidden when user is logged in

[realgyomei]

the add to basket api works just fine with an anonymous user but immediately the user is logged in, it starts returning 403 forbidden. I have 'oscarapi.middleware.ApiBasketMiddleWare','oscarapi.middleware.HeaderSessionMiddleware', in my middleware

[specialunderwear]

I think you need to take a look at precisely what is being returned, there will be more information there.

[realgyomei]

could not find any error message associated with it other than the status(forbidden), how do you propose I check what was returned?

[realgyomei]

I console.logged the response and found this line.
responseJSON:
detail:
"CSRF Failed: CSRF token missing or incorrect."

[realgyomei]

this is my middleware settings:
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'oscarapi.middleware.HeaderSessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'django.contrib.flatpages.middleware.FlatpageFallbackMiddleware',
'oscarapi.middleware.ApiBasketMiddleWare',
]

[r-naeem-afzal]

The 'oscarapi.middleware.HeaderSessionMiddleware' expects you to send a 'Session-Id' header in the request to manage the session. The format of which is given in the documentation of the middleware.
https://django-oscar-api.readthedocs.io/en/stable/topics/middleware.html#header-session-middleware