Fix CSRF exception when updating theme

The bug was caused by the switch to Rails UJS in
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/27394.

The form wasn't submitted remotely and the CSRF token wasn't sent.

We also enable CSRF protection for JS tests to catch these problems.

app/assets/javascripts/profile/profile.js

 import $ from 'jquery';
 import axios from '~/lib/utils/axios_utils';
+import { Rails } from '~/lib/utils/rails_ujs';
 import { deprecatedCreateFlash as flash } from '../flash';
 import { parseBoolean } from '~/lib/utils/common_utils';
 import TimezoneDropdown, {
@@ -48,9 +49,13 @@ export default class Profile {
   }
 
   submitForm() {
-    return $(this)
-      .parents('form')
-      .submit();
+    const $form = $(this).parents('form');
+
+    if ($form.data('remote')) {
+      Rails.fire($form[0], 'submit');
+    } else {
+      $form.submit();
+    }
   }
 
   onSubmitForm(e) {

spec/support/capybara.rb

@@ -123,6 +123,10 @@ RSpec.configure do |config|
       port: session.server.port,
       protocol: 'http')
 
+    # CSRF protection is disabled by default. We only enable this for JS specs because some forms
+    # require Javascript to set the CSRF token.
+    allow_any_instance_of(ActionController::Base).to receive(:protect_against_forgery?).and_return(true)
+
     # reset window size between tests
     unless session.current_window.size == CAPYBARA_WINDOW_SIZE
       begin