The "ends_with?" method is just a Rails alias of Ruby's "end_with?" method.
Using the latter makes the code less brittle.
"headers" is provided by Rails, Rack can't rely on it
* Drop dependency on secure_headers, use always_write_cookie instead
* Fix cookies in Tor Hidden Services by moving configuration to application.rb
* Instead of setting always_write_cookie at boot, monkey-patch ActionDispatch