R2-3031: Adding prepend option to protect_from_forgery to fix csrf er…

…ror when using idp

app/controllers/application_api_controller.rb

@@ -15,7 +15,7 @@ class ApplicationApiController < ActionController::API
   before_action :check_config_update_lock!
   before_action :set_csrf_cookie, unless: -> { request_from_basic_auth? }
 
-  protect_from_forgery with: :exception, if: -> { use_csrf_protection? }
+  protect_from_forgery with: :exception, prepend: true, if: -> { use_csrf_protection? }
 
   class << self
     attr_accessor :model_class