Add the `Mime::Type::InvalidMimeType` error in the default rescue_response:

- https://github.com/rails/rails/pull/35604 introduced a vulnerability fix
  to raise an error in case the `HTTP_ACCEPT` headers contains malformated
  mime type.

  This will cause applications to throw a 500 if a User Agent sends an
  invalid header.

  This PR adds the `InvalidMimeType` in the default `rescue_responses` from
  the ExceptionWrapper and will return a 406. I looked up the HTTP/1.1
  RFC and it doesn't stand what should be returned when the UA
  sends malformated mime type. Decided to get 406 as it seemed to be the
  status the better suited for this.

1 files changed, 6 insertions, 0 deletions

diff --git a/actionpack/test/dispatch/show_exceptions_test.rb b/actionpack/test/dispatch/show_exceptions_test.rb
index f802abc653..6fafa4e426 100644
--- a/actionpack/test/dispatch/show_exceptions_test.rb
+++ b/actionpack/test/dispatch/show_exceptions_test.rb
@@ -9,6 +9,8 @@ class ShowExceptionsTest < ActionDispatch::IntegrationTest
       case req.path
       when "/not_found"
         raise AbstractController::ActionNotFound
+      when "/invalid_mimetype"
+        raise Mime::Type::InvalidMimeType
       when "/bad_params", "/bad_params.json"
         begin
           raise StandardError.new
@@ -62,6 +64,10 @@ class ShowExceptionsTest < ActionDispatch::IntegrationTest
     get "/unknown_http_method", env: { "action_dispatch.show_exceptions" => true }
     assert_response 405
     assert_equal "", body
+
+    get "/invalid_mimetype", headers: { "Accept" => "text/html,*", "action_dispatch.show_exceptions" => true }
+    assert_response 406
+    assert_equal "", body
   end
 
   test "localize rescue error page" do