class Rack::Protection::RemoteReferrer

a different host.
Does not accept unsafe HTTP requests if the Referer [sic] header is set to
More infos
en.wikipedia.org/wiki/Cross-site_request_forgery<br>Supported browsers
all
Prevented attack

CSRF
#

def accepts?(env) 

def accepts?(env)
  safe?(env) or referrer(env) == Request.new(env).host
end