# File lib/rack/protection/authenticity_token.rb, line 22
      def accepts?(env)
        session = session env
        token   = session[:csrf] ||= session['_csrf_token'] || random_string
        safe?(env) ||
          secure_compare(env['HTTP_X_CSRF_TOKEN'].to_s, token) ||
          secure_compare(Request.new(env).params[options[:authenticity_param]].to_s, token)
      end