Plone.protect

-------------------

- Handle TypeError caused by getToolByName on an
invalid context
[vangheem]

- You can opt out of clickjacking protection by setting the
environment variable ``PLONE_X_FRAME_OPTIONS`` to an empty string.
[maurits]

- Be more flexible in parsing the ``PLONE_CSRF_DISABLED`` environment
variable. We are no longer case sensitive, and we accept ``true``,
``t``, ``yes``, ``y``, ``1`` as true values.
[maurits]

- Avoid TypeError when checking the content-type header.
[maurits]

-------------------

- Always force html serializer as the XHTML variant seems
to cause character encoding issues
[vangheem]

-------------------

- Do not check writes to temporary storage like session storage
[davisagli]

-------------------

- play nicer with inline JavaScript
[vangheem]

-------------------

- make imports backward compatible
[vangheem]

------------------

- patch pluggable auth with marmoset patch because
the patch would not apply otherwise depending on
somewhat-random import order
[vangheem]

- get auto-csrf protection working on the zope root
[vangheem]