Seems okay.
* Customises the CSRF failure view so that it uses the LCA2017 style * If a user is logged in and there is a bad_token failure, let them know.