Bug 37553: Consistently send Csrf-Token in request header

This change consistently sends the Csrf-Token in the request header.
Previously, one POST sent it in the request body, while the other POST
sent it in the request header. Since we're using an API, it's best
for us to always send it in the request header

Test plan:
0. Apply the patch
1. perl ./misc/migration_tools/koha-svc.pl \
	http://localhost:8081/cgi-bin/koha/svc koha koha 29 > bib-29.xml
2. perl ./misc/migration_tools/koha-svc.pl \
	http://localhost:8081/cgi-bin/koha/svc koha koha 29 bib-29.xml
3. Note that the following appears in STDOUT and there is no 403 error:
"update 29 from bib-29.xml"

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>

misc/migration_tools/koha-svc.pl

@@ -110,7 +110,8 @@ sub new {
 
     my $resp = $ua->post(
         "$url/authentication",
-        { login_userid => $user, login_password => $password, csrf_token => $csrf_token }
+        'Csrf-Token' => $csrf_token,
+        'Content'    => { login_userid => $user, login_password => $password }
     );
     die $resp->status_line unless $resp->is_success;
 
@@ -152,9 +153,11 @@ sub post {
     my $url = $self->{url};
     warn "# post $url/bib/$biblionumber\n" if $self->{debug};
     my $csrf_token = $self->{csrf_token};
-    my $resp       = $self->{ua}->post(
-        "$url/bib/$biblionumber", 'Content_type' => 'text/xml', Content => $marcxml,
-        csrf_token => $csrf_token
+    my $resp = $self->{ua}->post(
+        "$url/bib/$biblionumber",
+        'Content_type' => 'text/xml',
+        'Csrf_Token'   => $csrf_token,
+        'Content'      => $marcxml,
     );
     die $resp->status_line unless $resp->is_success;
     return $resp->decoded_content;