Bypass csrf plugins (#597)

* Add bypass_csrf_protection decorator
* Add beta notice
* Add test_bypass_csrf_protection

CTFd/plugins/__init__.py

@@ -125,6 +125,19 @@ def get_user_page_menu_bar():
     return db_pages() + USER_PAGE_MENU_BAR
 
 
+def bypass_csrf_protection(f):
+    """
+    Decorator that allows a route to bypass the need for a CSRF nonce on POST requests.
+
+    This should be considered beta and may change in future versions.
+
+    :param f: A function that needs to bypass CSRF protection
+    :return: Returns a function with the _bypass_csrf attribute set which tells CTFd to not require CSRF protection.
+    """
+    f._bypass_csrf = True
+    return f
+
+
 def init_plugins(app):
     """
     Searches for the load function in modules in the CTFd/plugins folder. This function is called with the current CTFd