diff --git a/core/core.services.yml b/core/core.services.yml
index 7558338..b5386c5 100644
--- a/core/core.services.yml
+++ b/core/core.services.yml
@@ -481,7 +481,7 @@ services:
     arguments: ['@state']
   csrf_token:
     class: Drupal\Core\Access\CsrfTokenGenerator
-    arguments: ['@private_key', '@settings']
+    arguments: ['@private_key']
     calls:
       - [setCurrentUser, ['@?current_user']]
       - [setRequest, ['@?request']]
diff --git a/core/lib/Drupal/Core/Access/CsrfTokenGenerator.php b/core/lib/Drupal/Core/Access/CsrfTokenGenerator.php
index 5790e09..0a2d2a1 100644
--- a/core/lib/Drupal/Core/Access/CsrfTokenGenerator.php
+++ b/core/lib/Drupal/Core/Access/CsrfTokenGenerator.php
@@ -28,13 +28,6 @@ class CsrfTokenGenerator {
   protected $privateKey;
 
   /**
-   * The settings service.
-   *
-   * @var \Drupal\Component\Utility\Settings
-   */
-  protected $settings;
-
-  /**
    * The current user.
    *
    * @var \Drupal\Core\Session\AccountInterface
@@ -53,12 +46,9 @@ class CsrfTokenGenerator {
    *
    * @param \Drupal\Core\PrivateKey $private_key
    *   The private key service.
-   * @param \Drupal\Component\Utility\Settings $settings
-   *   The settings service.
    */
-  public function __construct(PrivateKey $private_key, Settings $settings) {
+  public function __construct(PrivateKey $private_key) {
     $this->privateKey = $private_key;
-    $this->settings = $settings;
   }
 
   /**
@@ -104,7 +94,7 @@ public function get($value = '') {
     // For mixed HTTP(S) sessions, use a constant identifier so that tokens can
     // be shared between protocols.
     $identifier = NULL;
-    if ($this->request->isSecure() && $this->settings->get('mixed_mode_sessions', FALSE)) {
+    if ($this->request->isSecure() && Settings::get('mixed_mode_sessions', FALSE)) {
       $insecure_session_name = substr(session_name(), 1);
       if ($this->request->cookies->has($insecure_session_name)) {
         $identifier = $this->request->cookies->get($insecure_session_name);
diff --git a/core/lib/Drupal/Core/Form/FormBuilder.php b/core/lib/Drupal/Core/Form/FormBuilder.php
index e56eef2..50e5d49 100644
--- a/core/lib/Drupal/Core/Form/FormBuilder.php
+++ b/core/lib/Drupal/Core/Form/FormBuilder.php
@@ -830,7 +830,7 @@ public function validateForm($form_id, &$form, &$form_state) {
     }
 
     // Ensure the correct protocol when #https is set.
-    if (!empty($form['#https']) && !\Drupal::request()->isSecure() && settings()->get('mixed_mode_sessions', FALSE)) {
+    if (!empty($form['#https']) && !\Drupal::request()->isSecure() && Settings::get('mixed_mode_sessions', FALSE)) {
       \Drupal::formBuilder()->setErrorByName('', $form_state, t('This form must be submitted over a secure connection.'));
     }