class Rack::Protection::RemoteToken

Compatible with Rails and rack-csrf.
included in the session or the request comes from the same origin.
Only accepts unsafe HTTP requests if a given access token matches the token
More infos
en.wikipedia.org/wiki/Cross-site_request_forgery<br>Supported browsers
all
Prevented attack

CSRF
#

def accepts?(env)

def accepts?(env)
  super or referrer(env) == Request.new(env).host
end