Angular2 adn Django csrf protection

index.html

<html>
<head>
  <!-- put whatever you need -->
</head>
<body>
    <app-root>Loading... </app-root>
    {% csrf_token %}
</body>
</html>

settings.py

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.SessionAuthentication',
    ),
}

user.service.ts

getUser (email: string): Observable<any> {
  let headers = new Headers({ 'Content-Type': 'application/json' });
  headers.append("X-CSRFToken", this.getCookie('csrftoken'));
  let options = new RequestOptions({ headers: headers });
  return this.http.get(this.url + '/' + email + '/', options)
                    .map(res => res.json())
                    .catch(this.handleError);
}

getCookie(key: string){
  return this._cookieService.get(key);
}

views.py

from django.views.decorators.csrf import csrf_protect
from django.utils.decorators import method_decorator

@method_decorator(csrf_protect)
def post(self, request, format=None):

    user_data = request.data
    
    #do something nice
    return Response('Response', status=status.HTTP_201_CREATED)