# File lib/rack/protection/authenticity_token.rb, line 22
      def accepts?(env)
        session = session env
        token   = session[:csrf] ||= session['_csrf_token'] || random_string
        safe?(env) ||
          env['HTTP_X_CSRF_TOKEN'] == token ||
          Request.new(env).params[options[:authenticity_param]] == token
      end