# File lib/rack/protection/authenticity_token.rb, line 22 def accepts?(env) session = session env token = session[:csrf] ||= session['_csrf_token'] || random_string safe?(env) || secure_compare(env['HTTP_X_CSRF_TOKEN'].to_s, token) || secure_compare(Request.new(env).params[options[:authenticity_param]].to_s, token) end