-rw-r--r--actionview/CHANGELOG.md8
-rw-r--r--actionview/lib/action_view/helpers/csrf_helper.rb2
-rw-r--r--actionview/lib/action_view/helpers/url_helper.rb2
-rw-r--r--actionview/test/template/csrf_helper_test.rb46
-rw-r--r--actionview/test/template/url_helper_test.rb10
-rw-r--r--activesupport/lib/active_support/core_ext/module/delegation.rb4
-rw-r--r--guides/source/configuring.md2
-rw-r--r--railties/CHANGELOG.md8
-rw-r--r--railties/lib/rails/application/configuration.rb5
-rw-r--r--railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults_6_0.rb.tt8
-rw-r--r--railties/test/application/configuration_test.rb28
11 files changed, 114 insertions, 9 deletions
diff --git a/actionview/CHANGELOG.md b/actionview/CHANGELOG.md
index df4036a5a7..36f10958b6 100644
--- a/actionview/CHANGELOG.md
+++ b/actionview/CHANGELOG.md
@@ -1,9 +1,13 @@
+* Fix the need of `#protect_against_forgery?` method defined in
+ `ActionView::Base` subclasses. This prevents the use of forms and buttons.
+
+ *Genadi Samokovarov*
+
* Fix UJS permanently showing disabled text in a[data-remote][data-disable-with] elements within forms.
Fixes #33889
*Wolfgang Hobmaier*
-
* Prevent non-primary mouse keys from triggering Rails UJS click handlers.
Firefox fires click events even if the click was triggered by non-primary mouse keys such as right- or scroll-wheel-clicks.
For example, right-clicking a link such as the one described below (with an underlying ajax request registered on click) should not cause that request to occur.
@@ -16,7 +20,6 @@
*Wolfgang Hobmaier*
-
* Prevent `ActionView::TextHelper#word_wrap` from unexpectedly stripping white space from the _left_ side of lines.
For example, given input like this:
@@ -34,7 +37,6 @@
*Lyle Mullican*
-
* Add allocations to template rendering instrumentation.
Adds the allocations for template and partial rendering to the server output on render.
diff --git a/actionview/lib/action_view/helpers/csrf_helper.rb b/actionview/lib/action_view/helpers/csrf_helper.rb
index 69c59844a6..c0422c6ff5 100644
--- a/actionview/lib/action_view/helpers/csrf_helper.rb
+++ b/actionview/lib/action_view/helpers/csrf_helper.rb
@@ -20,7 +20,7 @@ module ActionView
# "X-CSRF-Token" HTTP header. If you are using rails-ujs this happens automatically.
#
def csrf_meta_tags
- if protect_against_forgery?
+ if defined?(protect_against_forgery?) && protect_against_forgery?
[
tag("meta", name: "csrf-param", content: request_forgery_protection_token),
tag("meta", name: "csrf-token", content: form_authenticity_token)
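Review bot: When `protect_against_forgery?` is not defined, `csrf_meta_tags` now emits nothing and gives no signal, and the same guard in `token_tag` (url_helper.rb) drops the hidden authenticity token from forms and `button_to`. That suits view classes used outside a controller, but a view context that lacks the method by accident would render token-less forms with no hint as to why; a controller that verifies the token would presumably reject those requests. The guard deserves a why-comment such as `# Views rendered outside a controller may not define protect_against_forgery?; treat that as "no CSRF protection" and emit no token.` The identical `defined?(protect_against_forgery?) && protect_against_forgery?` expression now lives in two helpers, so a shared private predicate would keep them from drifting apart. The body of `csrf_meta_tags` continues past the end of this hunk.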
diff --git a/actionview/lib/action_view/helpers/url_helper.rb b/actionview/lib/action_view/helpers/url_helper.rb
index 948dd1551f..d63ada3890 100644
--- a/actionview/lib/action_view/helpers/url_helper.rb
+++ b/actionview/lib/action_view/helpers/url_helper.rb
@@ -618,7 +618,7 @@ module ActionView
end
def token_tag(token = nil, form_options: {})
- if token != false && protect_against_forgery?
+ if token != false && defined?(protect_against_forgery?) && protect_against_forgery?
token ||= form_authenticity_token(form_options: form_options)
tag(:input, type: "hidden", name: request_forgery_protection_token.to_s, value: token)
else
diff --git a/actionview/test/template/csrf_helper_test.rb b/actionview/test/template/csrf_helper_test.rb
new file mode 100644
index 0000000000..dd9821eb6c
--- /dev/null
+++ b/actionview/test/template/csrf_helper_test.rb
@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+require "abstract_unit"
+
+class CsrfHelperTest < ActiveSupport::TestCase
+ cattr_accessor :request_forgery, default: false
+
+ include ActionView::Helpers::CsrfHelper
+ include ActionView::Helpers::TagHelper
+ include Rails::Dom::Testing::Assertions::DomAssertions
+
+ def test_csrf_meta_tags_without_request_forgery_protection
+ assert_dom_equal "", csrf_meta_tags
+ end
+
+ def test_csrf_meta_tags_with_request_forgery_protection
+ self.request_forgery = true
+
+ assert_dom_equal <<~DOM.chomp, csrf_meta_tags
+ <meta name="csrf-param" content="form_token" />
+ <meta name="csrf-token" content="secret" />
+ DOM
+ ensure
+ self.request_forgery = false
+ end
+
+ def test_csrf_meta_tags_without_protect_against_forgery_method
+ self.class.undef_method(:protect_against_forgery?)
+
+ assert_dom_equal "", csrf_meta_tags
+ ensure
+ self.class.define_method(:protect_against_forgery?) { request_forgery }
+ end
+
+ def protect_against_forgery?
+ request_forgery
+ end
+
+ def form_authenticity_token(*args)
+ "secret"
+ end
+
+ def request_forgery_protection_token
+ "form_token"
+ end
+end
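Review bot: `test_csrf_meta_tags_without_protect_against_forgery_method` removes the method from `CsrfHelperTest` itself and re-creates it in `ensure`, so the test class is modified at class level while the test runs. The restored block is also a second copy of `protect_against_forgery?` that can drift from the `def` below. The same pattern appears in `test_button_to_without_protect_against_forgery_method` in url_helper_test.rb, where the original definition is outside the hunk. Rendering through a throwaway object that never defines the method avoids the mutation, for example `view = Class.new { include ActionView::Helpers::CsrfHelper; include ActionView::Helpers::TagHelper }.new` followed by `assert_dom_equal "", view.csrf_meta_tags`. Whether the helpers need further includes in that setup should be checked.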
diff --git a/actionview/test/template/url_helper_test.rb b/actionview/test/template/url_helper_test.rb
index 1ab28e4749..632b32f09f 100644
--- a/actionview/test/template/url_helper_test.rb
+++ b/actionview/test/template/url_helper_test.rb
@@ -119,6 +119,16 @@ class UrlHelperTest < ActiveSupport::TestCase
)
end
+ def test_button_to_without_protect_against_forgery_method
+ self.class.undef_method(:protect_against_forgery?)
+ assert_dom_equal(
+ %{<form method="post" action="http://www.example.com" class="button_to"><input type="submit" value="Hello" /></form>},
+ button_to("Hello", "http://www.example.com")
+ )
+ ensure
+ self.class.define_method(:protect_against_forgery?) { request_forgery }
+ end
+
def test_button_to_with_straight_url
assert_dom_equal %{<form method="post" action="http://www.example.com" class="button_to"><input type="submit" value="Hello" /></form>}, button_to("Hello", "http://www.example.com")
end
diff --git a/activesupport/lib/active_support/core_ext/module/delegation.rb b/activesupport/lib/active_support/core_ext/module/delegation.rb
index be90390ae4..5652f2d1cc 100644
--- a/activesupport/lib/active_support/core_ext/module/delegation.rb
+++ b/activesupport/lib/active_support/core_ext/module/delegation.rb
@@ -243,7 +243,7 @@ class Module
# end
#
# def person
- # @event.detail.person || @event.creator
+ # detail.person || creator
# end
#
# private
@@ -266,7 +266,7 @@ class Module
# end
#
# def person
- # @event.detail.person || @event.creator
+ # detail.person || creator
# end
# end
#
diff --git a/guides/source/configuring.md b/guides/source/configuring.md
index 36e7f8ff80..3a7baf84a9 100644
--- a/guides/source/configuring.md
+++ b/guides/source/configuring.md
@@ -906,6 +906,8 @@ text/javascript image/svg+xml application/postscript application/x-shockwave-fla
- `config.action_view.default_enforce_utf8`: `false`
- `config.action_dispatch.use_cookies_with_metadata`: `true`
- `config.active_job.return_false_on_aborted_enqueue`: `true`
+- `config.active_storage.queues.analysis`: `:active_storage_analysis`
+- `config.active_storage.queues.purge`: `:active_storage_purge`
### Configuring a Database
diff --git a/railties/CHANGELOG.md b/railties/CHANGELOG.md
index edfd5e2cd1..9897f6e011 100644
--- a/railties/CHANGELOG.md
+++ b/railties/CHANGELOG.md
@@ -1,3 +1,11 @@
+* Send Active Storage analysis and purge jobs to dedicated queues by default.
+
+ Analysis jobs now use the `:active_storage_analysis` queue, and purge jobs
+ now use the `:active_storage_purge` queue. This matches Action Mailbox,
+ which sends its jobs to dedicated queues by default.
+
+ *George Claghorn*
+
* Add `rails test:mailboxes`.
*George Claghorn*
diff --git a/railties/lib/rails/application/configuration.rb b/railties/lib/rails/application/configuration.rb
index 22a82c051d..7dcdad2ac9 100644
--- a/railties/lib/rails/application/configuration.rb
+++ b/railties/lib/rails/application/configuration.rb
@@ -133,6 +133,11 @@ module Rails
if respond_to?(:active_job)
active_job.return_false_on_aborted_enqueue = true
end
+
+ if respond_to?(:active_storage)
+ active_storage.queues.analysis = :active_storage_analysis
+ active_storage.queues.purge = :active_storage_purge
+ end
else
raise "Unknown version #{target_version.to_s.inspect}"
end
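Review bot: Nothing near these defaults tells an upgrading application that analysis and purge jobs leave the queue they used before once the 6.0 defaults are loaded. If a worker is started with an explicit queue list, those jobs would presumably sit unprocessed, and for purge that means files the application considers deleted stay in storage. I would add a comment above the block, `# Workers must be configured to process these queues, otherwise analysis and purge jobs are never run.`, and repeat the hint next to the two settings in the new_framework_defaults_6_0 template. The enclosing method and its version branch begin and end outside this hunk.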
diff --git a/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults_6_0.rb.tt b/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults_6_0.rb.tt
index 5cca8ae570..b0e36b071a 100644
--- a/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults_6_0.rb.tt
+++ b/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults_6_0.rb.tt
@@ -6,7 +6,7 @@
#
# Read the Guide for Upgrading Ruby on Rails for more info on each option.
-# Don't force requests from old versions of IE to be UTF-8 encoded
+# Don't force requests from old versions of IE to be UTF-8 encoded.
# Rails.application.config.action_view.default_enforce_utf8 = false
# Embed purpose and expiry metadata inside signed and encrypted
@@ -16,5 +16,9 @@
# It's best enabled when your entire app is migrated and stable on 6.0.
# Rails.application.config.action_dispatch.use_cookies_with_metadata = true
-# Return false instead of self when #enqueue method was aborted from the callback
+# Return false instead of self when enqueuing is aborted from a callback.
Rails.application.config.active_job.return_false_on_aborted_enqueue = true
+
+# Send Active Storage analysis and purge jobs to dedicated queues.
+# Rails.application.config.active_storage.queues.analysis = :active_storage_analysis
+# Rails.application.config.active_storage.queues.purge = :active_storage_purge
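Review bot: The context line `Rails.application.config.active_job.return_false_on_aborted_enqueue = true` appears here without a leading `#`, unlike the other settings visible in this template, including the two added below it. If the file really reads that way and this is not an artifact of the page, the generated initializer would switch that default on for every upgraded app instead of leaving it opt-in. This commit already rewords the comment directly above it, so commenting the line out as `# Rails.application.config.active_job.return_false_on_aborted_enqueue = true` would fit here.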
diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb
index 8eaf07586e..40ebe2fe0e 100644
--- a/railties/test/application/configuration_test.rb
+++ b/railties/test/application/configuration_test.rb
@@ -2226,6 +2226,34 @@ module ApplicationTests
assert_equal true, ActiveJob::Base.return_false_on_aborted_enqueue
end
+ test "ActiveStorage.queues[:analysis] is :active_storage_analysis by default" do
+ app "development"
+
+ assert_equal :active_storage_analysis, ActiveStorage.queues[:analysis]
+ end
+
+ test "ActiveStorage.queues[:analysis] is nil without Rails 6 defaults" do
+ remove_from_config '.*config\.load_defaults.*\n'
+
+ app "development"
+
+ assert_nil ActiveStorage.queues[:analysis]
+ end
+
+ test "ActiveStorage.queues[:purge] is :active_storage_purge by default" do
+ app "development"
+
+ assert_equal :active_storage_purge, ActiveStorage.queues[:purge]
+ end
+
+ test "ActiveStorage.queues[:purge] is nil without Rails 6 defaults" do
+ remove_from_config '.*config\.load_defaults.*\n'
+
+ app "development"
+
+ assert_nil ActiveStorage.queues[:purge]
+ end
+
test "ActiveRecord::Base.filter_attributes should equal to filter_parameters" do
app_file "config/initializers/filter_parameters_logging.rb", <<-RUBY
Rails.application.config.filter_parameters += [ :password, :credit_card_number ]