Add xsrf code to core
We should have the core set and check for xsrf tokens.
A xsrf property on the pagemaker should return the current xsrf token and set a cookie holding it.
On non get requests the pagemaker should then set a invalid_xsrf flag if there's no post field containing the same xsrf token as the pervious property returns.
This flag can then be used to empty the post data and show an error page trough a decorator or even in the users init.