Add common "form poster" logic, to make CSRF token/header names configurable

also refactor the Feedback logic to use it

tailbone/app.py

@@ -43,7 +43,7 @@ from zope.sqlalchemy import register
 
 import tailbone.db
 from tailbone.auth import TailboneAuthorizationPolicy
-
+from tailbone.config import csrf_token_name, csrf_header_name
 from tailbone.util import get_effective_theme, get_theme_template_path
 
 
@@ -130,9 +130,12 @@ def make_pyramid_config(settings, configure_csrf=True):
     config.set_authorization_policy(TailboneAuthorizationPolicy())
     config.set_authentication_policy(SessionAuthenticationPolicy())
 
-    # always require CSRF token protection
+    # maybe require CSRF token protection
     if configure_csrf:
-        config.set_default_csrf_options(require_csrf=True, token='_csrf')
+        rattail_config = settings['rattail_config']
+        config.set_default_csrf_options(require_csrf=True,
+                                        token=csrf_token_name(rattail_config),
+                                        header=csrf_header_name(rattail_config))
 
     # Bring in some Pyramid goodies.
     config.include('tailbone.beaker')