As already mentioned above, the most convenient way to know what is really causing the issue is to enable debug mode by adding DEBUG=True to the seahub_settings.py file
In my case, 403 error was caused by incorrect CSRF_TRUSTED_ORIGINS and particularly that it missed the scheme. I.e. instead of having something like this:
CSRF_TRUSTED_ORIGINS = ['sf.example.com']
it should be
CSRF_TRUSTED_ORIGINS = ['https://sf.example.com'] # or replace https with http if running on port 80 without certificate