Setting CSRF token on the blacklisted routes.

[ohpyupi]

Hi. It seems like for end points that are blacklisted by Lusca, it does not set CSRF tokens for the requests at all.

So what can happen is for the POST endpoint where a page is being rendered, because Lusca does not set CSRF token, it cannot make subsequent POST calls after the page is rendered.

Is it a part of design or a missing feature?