Currently, rack-protection silently denys access. Instead, we should pass in our logger to log these failures.
Awesome, yeah I think this will make a big difference in people's confusion around csrf
Great :) Took me a bit to understand why some posts were being denied.
Pass our logger to rack-protection. Fixes #1236.