Update CSRF chain to prepend checks and resolve comments from PR

Signed-off-by: Sebastian Serth <Sebastian.Serth@student.hpi.de>

app/controllers/application_controller.rb

@@ -6,7 +6,7 @@ class ApplicationController < ActionController::Base
 
   after_action :verify_authorized, except: [:help, :welcome]
   before_action :set_locale, :allow_iframe_requests
-  protect_from_forgery(with: :exception)
+  protect_from_forgery(with: :exception, prepend: true)
   rescue_from Pundit::NotAuthorizedError, with: :render_not_authorized
 
   def current_user

app/helpers/lti_helper.rb

@@ -1,4 +1,4 @@
-require 'oauth/request_proxy/action_controller_request'
+require 'oauth/request_proxy/action_controller_request' # Rails 5 changed `Rack::Request` to `ActionDispatch::Request`
 
 module LtiHelper
   def lti_outcome_service?(exercise_id, external_user_id, consumer_id)

spec/support/selenium.rb

@@ -8,9 +8,6 @@ if ENV['HEADLESS_TEST'] == 'true' || ENV['USER'] == 'vagrant'
   headless.start
 end
 
-#Capybara.server = :webrick
-# Capybara.server_port = 3333
-
 Capybara.register_driver :selenium do |app|
   profile = Selenium::WebDriver::Firefox::Profile.new
   profile['intl.accept_languages'] = 'en'
@@ -18,7 +15,7 @@ Capybara.register_driver :selenium do |app|
   options = Selenium::WebDriver::Firefox::Options.new
   options.profile = profile
   driver = Capybara::Selenium::Driver.new(app, browser: :firefox, desired_capabilities: capabilities, options: options)
-  #driver.browser.manage.window.resize_to(1280, 960)
+  driver.browser.manage.window.resize_to(1280, 960)
   driver
 end
 Capybara.javascript_driver = :selenium