Django csrftoken未设置

I'm trying to using AJAX POST with Django as per the docs - this works fine if I'm logged in to the site. But if I'm logged out or using incognito, my csrftoken is not being set - I've tried putting {{csrf_token}} to check, which returns the value NOTPROVIDED.

What could be causing the token not to generate?

• I'm using render so I don't think it's a context processor issue
• The django.middleware.csrf.CsrfViewMiddleware is present, and I've not changed any default csrf settings
• The ensure_csrf_cookie decorator works fine

I'm running Django 1.7.

Simplified version of the view (without the ensure_csrf_cookie decorator):

def pg2(request, **kwargs):
    name_slug = kwargs.pop('name_slug')
    num_guests = request.session['guests']
    date = request.session['date']

    venue = get_object_or_404(Venue, name_slug=name_slug)
    try:
        rental = request.session['rental']
    except:
        rental = None

    filtered_items = Item.objects.filter(venue_id=venue.pk)

    context = {'venue':venue, 'rental':rental, 'filtered_items':filtered_items}
    return render(request, 'app/pg2.html', context)

My middleware in settings:

MIDDLEWARE_CLASSES = (
'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.common.BrokenLinkEmailsMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.contrib.redirects.middleware.RedirectFallbackMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'project.middleware.SecureRequiredMiddleware', # to add SSL
)