class Rack::Protection::AuthenticityToken

def accepts?(env)

def accepts?(env)
  session = session(env)
  set_token(session)
  safe?(env) ||
    valid_token?(env, env['HTTP_X_CSRF_TOKEN']) ||
    valid_token?(env, Request.new(env).params[options[:authenticity_param]]) ||
    options[:allow_if]&.call(env)
rescue StandardError
  false
end