Benchmark turns off CSRF protection

[noahgibbs]

That's not a big problem for accuracy, but it's a sign that something's wrong. Nothing notable changed in Discourse between versions where CSRF works (1.7.8 and before) and Discourse versions where CSRF stops working (1.8.0.betaX series.) The CSRF problems can be reproduced in Ruby 2.3.X, so it's not a Ruby 2.4.0 problem. It might be a Rails problem, but the difference in Rails versions between Discourse 1.7.8 and 1.8.0 is small enough that it's unlikely. More likely some weird tooling/config problem that happens to have been randomly tickled.