Add information on how to deal with CSRF protection (#838)

docs/installation.rst

@@ -67,3 +67,25 @@ The most basic ``schema.py`` looks like this:
 
 
 To learn how to extend the schema object for your project, read the basic tutorial.
+
+CSRF exempt
+-----------
+
+If have enabled `CSRF protection <https://docs.djangoproject.com/en/3.0/ref/csrf/>`_ in your Django app
+you will find that it prevents your API clients from POSTing to the ``graphql`` endpoint. You can either
+update your API client to pass the CSRF token with each request (the Django docs have a guide on how to do that: https://docs.djangoproject.com/en/3.0/ref/csrf/#ajax) or you can exempt your Graphql endpoint from CSRF protection by wrapping the ``GraphQLView`` with the ``csrf_exempt``
+decorator:
+
+.. code:: python
+
+    # urls.py
+
+    from django.urls import path
+    from django.views.decorators.csrf import csrf_exempt
+
+    from graphene_django.views import GraphQLView
+
+    urlpatterns = [
+        # ...
+        path("graphql", csrf_exempt(GraphQLView.as_view(graphiql=True))),
+    ]