# File lib/rack/protection/http_origin.rb, line 23
      def accepts?(env)
        return true if safe? env
        return true unless origin = env['HTTP_ORIGIN']
        return true if base_url(env) == origin
        Array(options[:origin_whitelist]).include? origin
      end