Update CSRF chain to prepend checks and resolve comments from PR

Signed-off-by: Sebastian Serth <Sebastian.Serth@student.hpi.de>

app/controllers/application_controller.rb

@@ -6,7 +6,7 @@ class ApplicationController < ActionController::Base
 
   after_action :verify_authorized, except: [:help, :welcome]
   before_action :set_locale, :allow_iframe_requests
-  protect_from_forgery(with: :exception)
+  protect_from_forgery(with: :exception, prepend: true)
   rescue_from Pundit::NotAuthorizedError, with: :render_not_authorized
 
   def current_user

app/helpers/lti_helper.rb

@@ -1,4 +1,4 @@
-require 'oauth/request_proxy/action_controller_request'
+require 'oauth/request_proxy/action_controller_request' # Rails 5 changed `Rack::Request` to `ActionDispatch::Request`
 
 module LtiHelper
   def lti_outcome_service?(exercise_id, external_user_id, consumer_id)