Refs #16870 -- Doc'd that CSRF protection requires the Referer header.

tests/view_tests/tests/test_csrf.py

@@ -55,6 +55,13 @@ class CsrfViewTests(SimpleTestCase):
             'HTTPS connections, or for 'same-origin' requests.',
             status_code=403,
         )
+        self.assertContains(
+            response,
+            'If you are using the <meta name="referrer" '
+            'content="no-referrer"> tag or including the '
+            ''Referrer-Policy: no-referrer' header, please remove them.',
+            status_code=403,
+        )
 
     def test_no_cookies(self):
         """