Fixes #74 -- restful configured through routes is not superceded by global config

[aef-]

Also fixes a test case which should have been failing. For that test case, restful is set as true through the plugin config, but passes without the CSRF header, instead relying on the payload. If this is too stringent let me know.

[stongo]

LGTM, thanks!

[lock[bot]]

This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.