The "ends_with?" method is just a Rails alias of Ruby's "end_with?" method. Using the latter makes the code less brittle.
"headers" is provided by Rails, Rack can't rely on it
* Drop dependency on secure_headers, use always_write_cookie instead * Fix cookies in Tor Hidden Services by moving configuration to application.rb * Instead of setting always_write_cookie at boot, monkey-patch ActionDispatch