Make CSRF protection optional (but on by default)

tailbone/app.py

@@ -118,7 +118,7 @@ class Root(dict):
         self.request = request
 
 
-def make_pyramid_config(settings):
+def make_pyramid_config(settings, configure_csrf=True):
     """
     Make a Pyramid config object from the given settings.
     """
@@ -137,7 +137,8 @@ def make_pyramid_config(settings):
     config.set_authentication_policy(SessionAuthenticationPolicy())
 
     # always require CSRF token protection
-    config.set_default_csrf_options(require_csrf=True, token='_csrf')
+    if configure_csrf:
+        config.set_default_csrf_options(require_csrf=True, token='_csrf')
 
     # Bring in some Pyramid goodies.
     config.include('tailbone.beaker')