chizmeeple

If (for whatever reason) your app isn't setting a Content-Type header there's no point in continuing with the CSRF

Currently CSRFBlock warns something like:

Use of uninitialized value $ct in pattern match (m//) at /PATH/TO/lib/site_perl/5.12.4/Plack/Middleware/CSRFBlock.pm line 125.

Yes, the app needs fixing, but there's no reason why this middleware shouldn't DTRT and avoid spitting out warnings.

@throughnothing

Hey @chiselwright, I actually hadn't noticed your PR here before, but I had already fixed this same issue in my branch (in a slightly more succinct way, I think throughnothing@4008918#L0R145). Since it seems like @rintaro is not really interested in looking at any PRs or maintaining this project at the moment, I've been keeping some modifications in my fork.

I've added support for an X-CSRF-Token header, so that you can send the header for validating AJAX requests, and I plan on doing some more refactoring of the code. Just wanted to give you a heads up in case you were interested, and if you have any other fixes or improvements that you've added to this module, I'd love to know about them. Thanks!
