restored csrf_meta_tags in <head> as without them CSRF cookie is only sent for pages with POST-like forms

Author: Oaphi

app/views/layouts/_head.html.erb

@@ -71,6 +71,8 @@
   <script id="MathJax-script" async src="https://cdn.jsdelivr.net/npm/mathjax@3/es5/tex-mml-chtml.js"></script>
 <% end %>
 
+<%= csrf_meta_tags %>
+
 <%= yield(:head) %>
 
 <% if content_for? :twitter_card_meta %>