CSRF cookie error after Django 3.2 update (DRF with token authentication)

I was looking to update my app backend from Django 3.1.14 (working fine but no longer supported) to a newer version (I tried both 3.2 and 4.0), but after updating I started getting a CSRF cookie error.

Forbidden (CSRF cookie not set.): /api-token-auth/

Does anybody by any chance know what's changed in Django in regard to CSRF, and how to avoid the errors?

I was under the impression that CSRF is not enforced when using Django Rest Framework with token authentication. I tried anyway to remove the 'django.middleware.csrf.CsrfViewMiddleware' middleware, to add @csrf_exempt to all the views, to delete all existing tokens and to log out of Django admin, but to no avail. My DRF configuration in settings.py is as follows:

INSTALLED_APPS = [
    'rest_framework',
    'rest_framework.authtoken',
]

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.TokenAuthentication',
    ),
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    ),
}

Edit: my own answer below



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
