This was suggested by Nathan Yergler in the bug logs.
Just implementing it.
- Let render_csrf_form_token return None, if the CSRF_TOKEN
is not available in the environ, because the
process_request part of the meddleware has not yet run.
- In render_template: If the returned value from above is
None, then do not add the csrf_token to the templates
context.
Created a BaseMeddleware which all Meddleware should derive
from. This is not strictly needed, but will greatly help.
The base class has the common __init__ of all the other
Meddlwares and fall backs for all hooks. That way a new
Meddlware only needs to override what it actually wants to
implement.
