csrf_token is still needed by FlaskForm if you @csrf.exempt a view

[return1]

If i @csrf.exempt a view which uses a FlaskForm, the csrf token is still required by the Form. I manually have to set g.csrf_valid = True.

Maybe csrf_protect should set g.csrf_valid if the blueprint or view was exempted. Or another flag is introduced like g.exempt.

Do you like a pull request for one of the options?