Add config.api_only option to application and remove appropriate middleware when true

3 files changed, 32 insertions, 4 deletions

diff --git a/railties/lib/rails/application/configuration.rb b/railties/lib/rails/application/configuration.rb
index 78a47fcda9..6ffbb1b204 100644
--- a/railties/lib/rails/application/configuration.rb
+++ b/railties/lib/rails/application/configuration.rb
@@ -13,7 +13,7 @@ module Rails
                     :railties_order, :relative_url_root, :secret_key_base, :secret_token,
                     :serve_static_files, :ssl_options, :static_cache_control, :static_index,
                     :session_options, :time_zone, :reload_classes_only_on_change,
-                    :beginning_of_week, :filter_redirect, :x
+                    :beginning_of_week, :filter_redirect, :api_only, :x
 
       attr_writer :log_level
       attr_reader :encoding
@@ -49,6 +49,7 @@ module Rails
         @eager_load                    = nil
         @secret_token                  = nil
         @secret_key_base               = nil
+        @api_only                      = false
         @x                             = Custom.new
       end
 
diff --git a/railties/lib/rails/application/default_middleware_stack.rb b/railties/lib/rails/application/default_middleware_stack.rb
index 909ed5cc35..6f9ccec137 100644
--- a/railties/lib/rails/application/default_middleware_stack.rb
+++ b/railties/lib/rails/application/default_middleware_stack.rb
@@ -28,7 +28,7 @@ module Rails
 
           middleware.use ::Rack::Lock unless allow_concurrency?
           middleware.use ::Rack::Runtime
-          middleware.use ::Rack::MethodOverride
+          middleware.use ::Rack::MethodOverride unless config.api_only
           middleware.use ::ActionDispatch::RequestId
 
           # Must come after Rack::MethodOverride to properly log overridden methods
@@ -42,9 +42,9 @@ module Rails
           end
 
           middleware.use ::ActionDispatch::Callbacks
-          middleware.use ::ActionDispatch::Cookies
+          middleware.use ::ActionDispatch::Cookies unless config.api_only
 
-          if config.session_store
+          if !config.api_only && config.session_store
             if config.force_ssl && !config.session_options.key?(:secure)
               config.session_options[:secure] = true
             end
diff --git a/railties/test/application/middleware_test.rb b/railties/test/application/middleware_test.rb
index 04bd19784a..ce92ebbf66 100644
--- a/railties/test/application/middleware_test.rb
+++ b/railties/test/application/middleware_test.rb
@@ -50,6 +50,33 @@ module ApplicationTests
       ], middleware
     end
 
+    test "api middleware stack" do
+      add_to_config "config.api_only = true"
+
+      boot!
+
+      assert_equal [
+        "Rack::Sendfile",
+        "ActionDispatch::Static",
+        "Rack::Lock",
+        "ActiveSupport::Cache::Strategy::LocalCache",
+        "Rack::Runtime",
+        "ActionDispatch::RequestId",
+        "Rails::Rack::Logger", # must come after Rack::MethodOverride to properly log overridden methods
+        "ActionDispatch::ShowExceptions",
+        "ActionDispatch::DebugExceptions",
+        "ActionDispatch::RemoteIp",
+        "ActionDispatch::Reloader",
+        "ActionDispatch::Callbacks",
+        "ActiveRecord::ConnectionAdapters::ConnectionManagement",
+        "ActiveRecord::QueryCache",
+        "ActionDispatch::ParamsParser",
+        "Rack::Head",
+        "Rack::ConditionalGet",
+        "Rack::ETag"
+      ], middleware
+    end
+
     test "Rack::Cache is not included by default" do
       boot!