class Rack::Protection::HttpOrigin

def accepts?(env)

def accepts?(env)
  return true if safe? env
  return true unless (origin = env['HTTP_ORIGIN'])
  return true if base_url(env) == origin
  return true if options[:allow_if]&.call(env)
  permitted_origins = options[:permitted_origins]
  Array(permitted_origins).include? origin
end

Instance Methods