When using the latest version of the API client (0.2.5) and Gophish (0.7.1), state-changing requests, for example "POST /api/templates/", fail with status code 403. In addition, the server returns an error message stating that the wrong CSRF token has been submitted.
As the API supports bearer type authentication and requests are submitted using the content type "application/json", there should be no need for the CSRF tokens in this context.
Another possibility, while not as clean, is to reconfigure the underlying "requests" session to store and submit the CSRF token cookie value, but this may have other consequences.
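The server-side behaviour the report argues for, as an added example (not Gophish's own code): a CSRF middleware that skips the token check only when a request carries an explicit bearer header and no session cookie, so browser sessions stay protected. The cookie and header names, the error text and the sample key are assumptions, and the bearer token is assumed to be validated by the wrapped handler.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Assumed names for illustration; a real deployment uses its own.
const sessionCookie, csrfCookie, csrfHeader = "session", "csrf_token", "X-CSRF-Token"

// bearerOnly is true when auth is an explicit header and no ambient session cookie is sent.
func bearerOnly(r *http.Request) bool {
	_, err := r.Cookie(sessionCookie)
	return err != nil && strings.HasPrefix(r.Header.Get("Authorization"), "Bearer ")
}

// csrfProtect enforces a double-submit token on unsafe methods unless bearerOnly holds.
func csrfProtect(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		safe := r.Method == http.MethodGet || r.Method == http.MethodHead || r.Method == http.MethodOptions
		if !safe && !bearerOnly(r) {
			c, err := r.Cookie(csrfCookie)
			if err != nil || c.Value == "" || subtle.ConstantTimeCompare([]byte(c.Value), []byte(r.Header.Get(csrfHeader))) != 1 {
				http.Error(w, "invalid CSRF token", http.StatusForbidden)
				return
			}
		}
		next.ServeHTTP(w, r)
	})
}

// status sends a constructed POST /api/templates/ through the middleware and returns the code.
func status(bearer, session bool) int {
	req := httptest.NewRequest(http.MethodPost, "/api/templates/", strings.NewReader(`{"name":"t"}`))
	if bearer {
		req.Header.Set("Authorization", "Bearer CONSTRUCTED_API_KEY")
	}
	if session {
		req.AddCookie(&http.Cookie{Name: sessionCookie, Value: "constructed"})
	}
	rec := httptest.NewRecorder()
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusCreated) })
	csrfProtect(ok).ServeHTTP(rec, req)
	return rec.Code
}
func main() { fmt.Println(status(true, false), status(false, true), status(true, true)) }
```

A request that sends both a bearer header and a session cookie is still checked, because the cookie is attached by the browser automatically and is what CSRF abuses.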