Hello Danny Dan,
A bit of a late reaction, but this is the way I achieved the desired result.
I started off by creating a controller that extends Enlight_Controller_Action and implements CSRFWhitelistAware in the Controller/Frontend folder.
Then simply whitelist the actions you want to access publicly.
I hope this helps!
Greets,
Donny