41675224d0
Rails now handles the insecure context case natively in verified_via_header_only? — when Sec-Fetch-Site is missing and the request is plain HTTP without force_ssl, the request is allowed. Remove the now-redundant allowed_insecure_context_request? method and update the test to set ActionDispatch::Http::URL.secure_protocol alongside Rails.configuration.force_ssl so the upstream check works correctly in the test environment.