Fix loading ActiveStorage::DiskController when CSRF protection is disabled by default

activestorage/app/controllers/active_storage/disk_controller.rb

@@ -5,7 +5,7 @@
 # Always go through the BlobsController, or your own authenticated controller, rather than directly
 # to the service url.
 class ActiveStorage::DiskController < ActionController::Base
-  skip_forgery_protection
+  skip_forgery_protection if default_protect_from_forgery
 
   def show
     if key = decode_verified_key