Not sure this is the ultimate solution, but the ajax call made by the a.click is failing with a 403. The solution (workaround?) is to add a csrf_exempt decorator around the views.like_toggle() function
def like_toggle(request, content_type_id, object_id):
i believe this is something required for django 1.2 and above
This is likely because I am running everything with pinax starter projects which includes a js csrf fix by default so I missed this. I'd rather just mention or ship with a js include that provides this rather than exempt the csrf.
Add note on ajax