Fixes an issue where an error is raised when a new rails app hits the internal rails welcome page, the exception is ActionController::RequestForgeryProtection::DisabledSessionError

Co-authored-by: Petrik de Heus <petrik@deheus.net>

railties/lib/rails/welcome_controller.rb

@@ -3,6 +3,7 @@
 require "rails/application_controller"
 
 class Rails::WelcomeController < Rails::ApplicationController # :nodoc:
+  skip_forgery_protection
   layout false
 
   def index

railties/test/application/routing_test.rb

@@ -734,5 +734,18 @@ module ApplicationTests
       get "/url"
       assert_equal "/foo", last_response.body
     end
+
+    test "request to rails/welcome for api_only app is successful" do
+      add_to_config <<-RUBY
+        config.api_only = true
+        config.action_dispatch.show_exceptions = false
+        config.action_controller.allow_forgery_protection = true
+      RUBY
+
+      app "development"
+
+      get "/"
+      assert_equal 200, last_response.status
+    end
   end
 end