Address CSRF issues in Rails 5.1+

Fixes #557

For AJAX POST requests, we need to pass along Rails' CSRF token in Rails 5.1+

app/assets/javascripts/geoblacklight/viewers/wms.js

@@ -50,6 +50,9 @@ GeoBlacklight.Viewer.Wms = GeoBlacklight.Viewer.Map.extend({
       $.ajax({
         type: 'POST',
         url: '/wms/handle',
+        beforeSend: function(xhr) {
+          xhr.setRequestHeader('X-CSRF-Token', Rails.csrfToken());
+        },
         data: wmsoptions,
         success: function(data) {
           if (data.hasOwnProperty('error') || data.values.length === 0) {