# File lib/rack/protection/authenticity_token.rb, line 98
      def accepts?(env)
        session = session env
        set_token(session)

        safe?(env) ||
          valid_token?(session, env['HTTP_X_CSRF_TOKEN']) ||
          valid_token?(session, Request.new(env).params[options[:authenticity_param]]) ||
          ( options[:allow_if] && options[:allow_if].call(env) )
      end