[BUGFIX] Skip CSRF protection if not authenticated
CSRF protection prevented the triggering of authentication entry
points in some cases. As CSRF protection is not needed,
if nobody is authenticated, we completely skip this feature
in those cases.