Enable CSRF token check for JS tests
This is a follow-up issue from https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/4865#note_61948883:
Test scenarios in context has epics in list in ee/spec/features/epics/new_epic_spec.rb actually work properly (although it doesn't seem so), even in this test CSRF token is not sent from browser back to server, so the test should fail. But it doesn't because for tests we have CSRF token check disabled: config.action_controller.allow_forgery_protection = false (https://gitlab.com/gitlab-org/gitlab-ce/blob/v10.5.0/config/environments/test.rb#L32)
To avoid issues like #4865 I think it would make sense to enable CSRF token check when running JS tests.