Plone.protect

-------------------

Bug fixes:

- Only try the confirm view for urls that are in the portal.
This applies PloneHotfix20160830. [maurits]

- Removed ``RedirectTo`` patch. The patch has been merged to
``Products.CMFFormController`` 3.0.7 (Plone 4.3 and 5.0) and 3.1.2
(Plone 5.1). Note that we are not requiring those versions in our
``setup.py``, because the code in this package no longer needs it.
[maurits]

-------------------

New:

- Added protect.js from plone4.csrffixes. This adds an ``X-CSRF-TOKEN``
header to ajax requests.
Fixes https://github.com/plone/plone.protect/issues/42
[maurits]

Fixes:

- Use zope.interface decorator.
[gforcada]

-------------------

Fixes:

- Fixed AttributeError when calling ``safeWrite`` on a
``TestRequest``, because this has no ``environ.``. [maurits]

-------------------

Fixes:

- Internationalized button in confirm.pt.
[vincentfretin]

-------------------

Fixes:

- Make sure transforms don't fail on redirects.
[lgraf]

-------------------

- make sure to always compare content type with a string when checking
if we should show the confirm-action view.
[vangheem]

- Internationalized confirm.pt
[vincentfretin]

- Disable editable border for confirm-action view.
[lgraf]

- Make title and description show up on confirm-action view.
[lgraf]

- Allow views to override 'X-Frame-Options' by setting the response header
manually.
[alecm]

- Avoid parsing redirect responses (this avoids a warning on the log files).
[gforcada]