class Rack::Protection::AuthenticityToken
def accepts?(env)
def accepts?(env) session = session env set_token(session) safe?(env) || valid_token?(session, env['HTTP_X_CSRF_TOKEN']) || valid_token?(session, Request.new(env).params[options[:authenticity_param]]) || ( options[:allow_if] && options[:allow_if].call(env) ) end