Respect exempts in CSRFProtect.protect()

[rauchy]

The default csrf_protect method provides default behavior which might be suited for typical use cases, but as stated in the docs, custom scenarios should be handled by the protect method.

However, if custom scenarios only vary by the condition when to check the request, it's a shame to have to implement the exemption list outside this package.

[arikfr]

Looks like the docs build fails because https://wtforms.readthedocs.io/en/latest/objects.inv returns 404. But the actual tests pass.

[codecov-commenter]

Codecov Report

Merging #419 into master will decrease coverage by 5.46%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master     #419      +/-   ##
==========================================
- Coverage   97.97%   92.50%   -5.47%     
==========================================
  Files          18       18              
  Lines         936      907      -29     
  Branches       73       74       +1     
==========================================
- Hits          917      839      -78     
- Misses         17       66      +49     
  Partials        2        2              

Impacted Files	Coverage Δ
flask_wtf/csrf.py	98.08% <100.00%> (-0.03%)	⬇️
tests/test_csrf_extension.py	100.00% <100.00%> (ø)
flask_wtf/i18n.py	3.57% <0.00%> (-96.43%)	⬇️
tests/test_i18n.py	53.19% <0.00%> (-46.81%)	⬇️
tests/test_file.py	80.64% <0.00%> (-0.31%)	⬇️
flask_wtf/form.py	100.00% <0.00%> (ø)
tests/conftest.py	100.00% <0.00%> (ø)
tests/test_form.py	100.00% <0.00%> (ø)
tests/test_csrf_form.py	100.00% <0.00%> (ø)
... and 2 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 083b7e0...722428e. Read the comment docs.