This commit extends the workaround in `cors_csrf` middleware
to Django Rest Framework's SessionAuthentication, which
calls Django's CSRF middleware directly.

The workaround checks the cross domain whitelist and
skips the CSRF referer check for domains on the whitelist.