# File lib/rack/protection/base.rb, line 100
      def origin(env)
        env['HTTP_ORIGIN'] || env['HTTP_X_ORIGIN']
      end