-rw-r--r-- actionmailer/lib/action_mailer/base.rb | 19
-rw-r--r-- actionpack/lib/action_controller/metal/force_ssl.rb | 2
-rw-r--r-- actionpack/lib/action_controller/metal/request_forgery_protection.rb | 24
-rw-r--r-- actionpack/lib/action_controller/test_case.rb | 7
-rw-r--r-- actionpack/test/controller/force_ssl_test.rb | 25
-rw-r--r-- activerecord/lib/active_record/associations.rb | 5
-rw-r--r-- activerecord/lib/active_record/connection_adapters/abstract/schema_statements.rb | 6
-rw-r--r-- activerecord/lib/active_record/relation/calculations.rb | 8
-rw-r--r-- activerecord/test/cases/schema_dumper_test.rb | 2
-rw-r--r-- activesupport/lib/active_support/core_ext/string/filters.rb | 3
-rw-r--r-- guides/source/action_view_overview.md | 34
-rw-r--r-- guides/source/association_basics.md | 25
-rw-r--r-- guides/source/engines.md | 9
-rw-r--r-- railties/CHANGELOG.md | 4

14 files changed, 102 insertions, 71 deletions
diff --git a/actionmailer/lib/action_mailer/base.rb b/actionmailer/lib/action_mailer/base.rb
index c7f09ed192..6ddc4c9596 100644
--- a/actionmailer/lib/action_mailer/base.rb
+++ b/actionmailer/lib/action_mailer/base.rb
@@ -134,25 +134,28 @@ module ActionMailer
#
# = Sending mail
#
- # Once a mailer action and template are defined, you can deliver your message or create it and save it
- # for delivery later:
+ # Once a mailer action and template are defined, you can deliver your message or defer its creation and
+ # delivery for later:
#
# NotifierMailer.welcome(User.first).deliver_now # sends the email
# mail = NotifierMailer.welcome(User.first) # => an ActionMailer::MessageDelivery object
- # mail.deliver_now # sends the email
+ # mail.deliver_now # generates and sends the email now
#
- # The <tt>ActionMailer::MessageDelivery</tt> class is a wrapper around a <tt>Mail::Message</tt> object. If
- # you want direct access to the <tt>Mail::Message</tt> object you can call the <tt>message</tt> method on
- # the <tt>ActionMailer::MessageDelivery</tt> object.
+ # The <tt>ActionMailer::MessageDelivery</tt> class is a wrapper around a delegate that will call
+ # your method to generate the mail. If you want direct access to delegator, or <tt>Mail::Message</tt>,
+ # you can call the <tt>message</tt> method on the <tt>ActionMailer::MessageDelivery</tt> object.
#
# NotifierMailer.welcome(User.first).message # => a Mail::Message object
#
- # Action Mailer is nicely integrated with Active Job so you can send emails in the background (example: outside
- # of the request-response cycle, so the user doesn't have to wait on it):
+ # Action Mailer is nicely integrated with Active Job so you can generate and send emails in the background
+ # (example: outside of the request-response cycle, so the user doesn't have to wait on it):
#
# NotifierMailer.welcome(User.first).deliver_later # enqueue the email sending to Active Job
#
+ # Note that <tt>deliver_later</tt> will execute your method from the background job.
+ #
# You never instantiate your mailer class. Rather, you just call the method you defined on the class itself.
+ # All instance method are expected to return a message object to be sent.
#
# = Multipart Emails
#
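Review bot: The sentence added at the end of the "Sending mail" section, "All instance method are expected to return a message object to be sent", needs "methods", and the rewritten MessageDelivery paragraph calls the wrapped object "a delegate" in one sentence and "delegator" in the next. Pick one term, add the missing article in "direct access to delegator", and say plainly that `message` returns the `Mail::Message`, which is what the example line under it already shows.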
diff --git a/actionpack/lib/action_controller/metal/force_ssl.rb b/actionpack/lib/action_controller/metal/force_ssl.rb
index 5a8c7db162..d920668184 100644
--- a/actionpack/lib/action_controller/metal/force_ssl.rb
+++ b/actionpack/lib/action_controller/metal/force_ssl.rb
@@ -89,7 +89,7 @@ module ActionController
end
secure_url = ActionDispatch::Http::URL.url_for(options.slice(*URL_OPTIONS))
- flash.keep if request.respond_to?(:flash)
+ flash.keep if respond_to?(:flash)
redirect_to secure_url, options.slice(*REDIRECT_OPTIONS)
end
end
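Review bot: The guard in front of `flash.keep` now asks whether the controller responds to `flash`, where it used to ask the request, and nothing in the hunk says why the controller is the right receiver. If a controller can respond to `flash` while the underlying request does not, this line would now reach `flash.keep` in the case the old check skipped. A one-line comment or a commit-message sentence stating the assumption would settle it.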
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
index 367b736035..663a969f72 100644
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -13,9 +13,14 @@ module ActionController #:nodoc:
# by including a token in the rendered HTML for your application. This token is
# stored as a random string in the session, to which an attacker does not have
# access. When a request reaches your application, \Rails verifies the received
- # token with the token in the session. Only HTML and JavaScript requests are checked,
- # so this will not protect your XML API (presumably you'll have a different
- # authentication scheme there anyway).
+ # token with the token in the session. All requests are checked except GET requests
+ # as these should be idempotent. Keep in mind that all session-oriented requests
+ # should be CSRF protected, including Javascript and HTML requests.
+ #
+ # Since HTML and Javascript requests are typically made from the browser, we
+ # need to ensure to verify request authenticity for the web browser. We can
+ # use session-oriented authentication for these types requests, by using
+ # the `protect_form_forgery` method in our controllers.
#
# GET requests are not protected since they don't have side effects like writing
# to the database and don't leak sensitive information. JavaScript requests are
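Review bot: The new paragraph names the method `protect_form_forgery`; the method documented everywhere else in this comment is `protect_from_forgery`, so the reference sends readers looking for something that is not there. In the same added lines, "these types requests" is missing "of", "Javascript" should match the "JavaScript" spelling in the unchanged text, and "All requests are checked except GET requests as these should be idempotent" now sits directly above the older paragraph that already explains why GET requests are not protected, so one of the two can go.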
@@ -26,15 +31,20 @@ module ActionController #:nodoc:
# Ajax) requests are allowed to make GET requests for JavaScript responses.
#
# It's important to remember that XML or JSON requests are also affected and if
- # you're building an API you'll need something like:
+ # you're building an API you should change forgery protection method in
+ # <tt>ApplicationController</tt> (by default: <tt>:exception</tt>):
#
# class ApplicationController < ActionController::Base
# protect_from_forgery unless: -> { request.format.json? }
# end
#
- # CSRF protection is turned on with the <tt>protect_from_forgery</tt> method,
- # which checks the token and resets the session if it doesn't match what was expected.
- # A call to this method is generated for new \Rails applications by default.
+ # CSRF protection is turned on with the <tt>protect_from_forgery</tt> method.
+ # By default <tt>protect_from_forgery</tt> protects your session with
+ # <tt>:null_session</tt> method, which provides an empty session during request
+ #
+ # We may want to disable CSRF protection for APIs since they are typically
+ # designed to be state-less. That is, the requestion API client will handle
+ # the session for you instead of Rails.
#
# The token parameter is named <tt>authenticity_token</tt> by default. The name and
# value of this token must be added to every layout that renders forms by including
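Review bot: The two added statements about the default disagree: the API paragraph says the forgery protection method is "by default: <tt>:exception</tt>", and a few lines later the text says "By default <tt>protect_from_forgery</tt> protects your session with <tt>:null_session</tt>". State one default and describe the other as the alternative. The `:null_session` sentence also stops after "during request" with no full stop, and "requestion" is a typo. The closing paragraph about disabling CSRF protection for APIs should repeat the condition from the earlier hunk, that session-oriented requests stay protected, so readers do not apply the `request.format.json?` exemption to endpoints that authenticate with the session cookie.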
diff --git a/actionpack/lib/action_controller/test_case.rb b/actionpack/lib/action_controller/test_case.rb
index 6ffd7a7d2b..33c24999f9 100644
--- a/actionpack/lib/action_controller/test_case.rb
+++ b/actionpack/lib/action_controller/test_case.rb
@@ -659,9 +659,7 @@ module ActionController
@request.assign_parameters(@routes, controller_class_name, action.to_s, parameters)
@request.session.update(session) if session
-
- is_request_flash_enabled = @request.respond_to?(:flash)
- @request.flash.update(flash || {}) if is_request_flash_enabled
+ @request.flash.update(flash || {})
if xhr
@request.env['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'
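Review bot: `@request.flash.update(flash || {})` is now called unconditionally, so `process` assumes every test request has a `flash` method; the removed `respond_to?(:flash)` check was what tolerated requests without one. If that setup is no longer supported, say so in the commit message; otherwise keep the guard.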
@@ -687,8 +685,7 @@ module ActionController
@assigns = @controller.respond_to?(:view_assigns) ? @controller.view_assigns : {}
- flash_value = is_request_flash_enabled ? @request.flash.to_session_value : nil
- if flash_value
+ if flash_value = @request.flash.to_session_value
@request.session['flash'] = flash_value
else
@request.session.delete('flash')
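Review bot: `if flash_value = @request.flash.to_session_value` puts an assignment in the condition, which reads like a mistyped `==`. Keep the assignment on its own line as before, or wrap it in parentheses to show it is intentional.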
diff --git a/actionpack/test/controller/force_ssl_test.rb b/actionpack/test/controller/force_ssl_test.rb
index e1e423675f..5639abdc56 100644
--- a/actionpack/test/controller/force_ssl_test.rb
+++ b/actionpack/test/controller/force_ssl_test.rb
@@ -321,29 +321,4 @@ class RedirectToSSLTest < ActionController::TestCase
assert_response 200
assert_equal 'ihaz', response.body
end
-
- def test_banana_redirects_to_https_if_not_https_and_flash_middleware_is_disabled
- disable_flash
- get :banana
- assert_response 301
- assert_equal 'https://test.host/redirect_to_ssl/banana', redirect_to_url
- ensure
- enable_flash
- end
-
- private
-
- def disable_flash
- ActionDispatch::TestRequest.class_eval do
- alias_method :flash_origin, :flash
- undef_method :flash
- end
- end
-
- def enable_flash
- ActionDispatch::TestRequest.class_eval do
- alias_method :flash, :flash_origin
- undef_method :flash_origin
- end
- end
end
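Review bot: Deleting `test_banana_redirects_to_https_if_not_https_and_flash_middleware_is_disabled` along with `disable_flash` and `enable_flash` removes the case that exercised the redirect when the request has no `flash` method, in the same commit that changes the `flash.keep` guard in force_ssl.rb. Either keep a test for a setup without flash, rewritten against the new `respond_to?(:flash)` check, or state in the commit message that this setup is no longer supported.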
diff --git a/activerecord/lib/active_record/associations.rb b/activerecord/lib/active_record/associations.rb
index deecd1b7b7..c5c2178ee2 100644
--- a/activerecord/lib/active_record/associations.rb
+++ b/activerecord/lib/active_record/associations.rb
@@ -1565,10 +1565,7 @@ module ActiveRecord
#
# class CreateDevelopersProjectsJoinTable < ActiveRecord::Migration
# def change
- # create_table :developers_projects, id: false do |t|
- # t.integer :developer_id
- # t.integer :project_id
- # end
+ # create_join_table :developers, :projects
# end
# end
#
diff --git a/activerecord/lib/active_record/connection_adapters/abstract/schema_statements.rb b/activerecord/lib/active_record/connection_adapters/abstract/schema_statements.rb
index f0909aabb5..ecb4868c13 100644
--- a/activerecord/lib/active_record/connection_adapters/abstract/schema_statements.rb
+++ b/activerecord/lib/active_record/connection_adapters/abstract/schema_statements.rb
@@ -390,6 +390,10 @@ module ActiveRecord
# Adds a new column to the named table.
# See TableDefinition#column for details of the options you can use.
+ #
+ # Note: Not all options will be available, generally this command should
+ # ignore most of them. In favor of doing a low-level call to simply
+ # create a column.
def add_column(table_name, column_name, type, options = {})
at = create_alter_table table_name
at.add_column(column_name, type, options)
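Review bot: The note added above `add_column` gives the reader nothing to act on: "Not all options will be available" names no option, and "In favor of doing a low-level call to simply create a column." is a sentence fragment. List the options that are ignored (or point to where they are listed) and join the fragment to the sentence before it.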
@@ -533,6 +537,8 @@ module ActiveRecord
#
# CREATE UNIQUE INDEX index_accounts_on_branch_id_and_party_id ON accounts(branch_id, party_id) WHERE active
#
+ # Note: Partial indexes are only supported for PostgreSQL and SQLite 3.8.0+.
+ #
# ====== Creating an index with a specific method
#
# add_index(:developers, :name, using: 'btree')
diff --git a/activerecord/lib/active_record/relation/calculations.rb b/activerecord/lib/active_record/relation/calculations.rb
index 8f16de3519..402b317d9c 100644
--- a/activerecord/lib/active_record/relation/calculations.rb
+++ b/activerecord/lib/active_record/relation/calculations.rb
@@ -130,9 +130,9 @@ module ActiveRecord
# the plucked column names, if they can be deduced. Plucking an SQL fragment
# returns String values by default.
#
- # Person.pluck(:id)
- # # SELECT people.id FROM people
- # # => [1, 2, 3]
+ # Person.pluck(:name)
+ # # SELECT people.name FROM people
+ # # => ['David', 'Jeremy', 'Jose']
#
# Person.pluck(:id, :name)
# # SELECT people.id, people.name FROM people
@@ -150,6 +150,8 @@ module ActiveRecord
# # SELECT DATEDIFF(updated_at, created_at) FROM people
# # => ['0', '27761', '173']
#
+ # See also +ids+.
+ #
def pluck(*column_names)
column_names.map! do |column_name|
if column_name.is_a?(Symbol) && attribute_alias?(column_name)
diff --git a/activerecord/test/cases/schema_dumper_test.rb b/activerecord/test/cases/schema_dumper_test.rb
index 6c099719c0..63612e33af 100644
--- a/activerecord/test/cases/schema_dumper_test.rb
+++ b/activerecord/test/cases/schema_dumper_test.rb
@@ -73,7 +73,7 @@ class SchemaDumperTest < ActiveRecord::TestCase
next if column_set.empty?
lengths = column_set.map do |column|
- if match = column.match(/t\.(?:integer|decimal|float|datetime|timestamp|time|date|text|binary|string|boolean|xml|uuid|point)\s+"/)
+ if match = column.match(/\bt\.\w+\s+"/)
match[0].length
end
end.compact
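Review bot: The new pattern `/\bt\.\w+\s+"/` accepts any method called on `t`, where the old one listed the column types, so every `t.` line followed by a quoted string now contributes to `lengths`. That is fine if `column_set` can only hold column definitions, but a short comment saying the type list was dropped on purpose (so new column types need no change here) would make the intent clear.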
diff --git a/activesupport/lib/active_support/core_ext/string/filters.rb b/activesupport/lib/active_support/core_ext/string/filters.rb
index 7461d03acc..375ec1aef8 100644
--- a/activesupport/lib/active_support/core_ext/string/filters.rb
+++ b/activesupport/lib/active_support/core_ext/string/filters.rb
@@ -17,9 +17,8 @@ class String
# str.squish! # => "foo bar boo"
# str # => "foo bar boo"
def squish!
- gsub!(/\A[[:space:]]+/, '')
- gsub!(/[[:space:]]+\z/, '')
gsub!(/[[:space:]]+/, ' ')
+ strip!
self
end
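Review bot: The `strip!` that replaces the two anchored `gsub!` calls is only equivalent because it now runs after `gsub!(/[[:space:]]+/, ' ')`, which has already turned every leading and trailing whitespace run into a single plain space. That ordering dependency is not visible in the code; add a comment on it, and a test with non-ASCII whitespace at both ends of the string, so a later reorder does not change what `squish!` removes.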
diff --git a/guides/source/action_view_overview.md b/guides/source/action_view_overview.md
index abf6c0db11..44c02165db 100644
--- a/guides/source/action_view_overview.md
+++ b/guides/source/action_view_overview.md
@@ -356,7 +356,39 @@ Supposing we use the same `_box` partial from above, this would produce the same
View Paths
----------
-TODO...
+When rendering the view for a request, the controller needs to resolve where to find each of the directories are located.
+
+We are able to modify the order these locations are resolved by using `prepend_view_path` and `append_view_path`.
+
+This allows us to add new paths to the beginning or end of the list used to resolve these paths.
+
+### Prepend view path
+
+This can be helpful for example, when we want to prepend a different directory for subdomains.
+
+We can do this by using:
+
+```prepend_view_path "app/views/#{request.subdomain}"```
+
+Then our list becomes something like:
+
+```
+[
+ ~/rails_app/app/views/<subdomain>,
+ ~/rails_app/app/views,
+ # ...
+]
+```
+
+This will put the subdomain path at the beginning of the list.
+
+### Append view path
+
+Similarly, we can append paths:
+
+```append_view_path "app/views/direct"```.
+
+This will add ```app/views/direct``` and the end of lookup paths for views.
Overview of helpers provided by Action View
-------------------------------------------
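Review bot: The "Prepend view path" example, `prepend_view_path "app/views/#{request.subdomain}"`, interpolates a value taken from the request into a filesystem lookup path, and the guide presents it with no validation. The text should tell readers to check the subdomain against a known list before using it, or the example should do so. Wording in the added lines also needs a pass: "resolve where to find each of the directories are located" does not parse, the `append_view_path` fence is followed by a stray full stop, and "and the end of lookup paths" should read "at the end".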
diff --git a/guides/source/association_basics.md b/guides/source/association_basics.md
index 8b6d70f1ad..abac54d22d 100644
--- a/guides/source/association_basics.md
+++ b/guides/source/association_basics.md
@@ -146,6 +146,17 @@ class CreateSuppliers < ActiveRecord::Migration
end
```
+Depending on the use case, you might also need to create a unique index and/or
+a foreign key constraint on the supplier column for the accounts table. In this
+case, the column definition might look like this:
+
+```ruby
+create_table :accounts do |t|
+ t.belongs_to :supplier, index: true, unique: true, foreign_key: true
+ # ...
+end
+```
+
### The `has_many` Association
A `has_many` association indicates a one-to-many connection with another model. You'll often find this association on the "other side" of a `belongs_to` association. This association indicates that each instance of the model has zero or more instances of another model. For example, in an application containing customers and orders, the customer model could be declared like this:
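Review bot: In the added `create_table :accounts` example, `unique: true` is passed as a separate option next to `index: true`, not as an option of the index, so it does not produce the unique index the paragraph above promises. Write it as `t.belongs_to :supplier, index: { unique: true }, foreign_key: true`.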
@@ -876,18 +887,26 @@ end
With this declaration, Rails will keep the cache value up to date, and then return that value in response to the `size` method.
-Although the `:counter_cache` option is specified on the model that includes the `belongs_to` declaration, the actual column must be added to the _associated_ model. In the case above, you would need to add a column named `orders_count` to the `Customer` model. You can override the default column name if you need to:
+Although the `:counter_cache` option is specified on the model that includes
+the `belongs_to` declaration, the actual column must be added to the
+_associated_ (`has_many`) model. In the case above, you would need to add a
+column named `orders_count` to the `Customer` model.
+
+You can override the default column name by specifying a custom column name in
+the `counter_cache` declaration instead of `true`. For example, to use
+`count_of_orders` instead of `orders_count`:
```ruby
class Order < ActiveRecord::Base
belongs_to :customer, counter_cache: :count_of_orders
end
class Customer < ActiveRecord::Base
- has_many :orders, counter_cache: :count_of_orders
+ has_many :orders
end
```
-NOTE: You only need to specify the :counter_cache option on the "has_many side" of the association when using a custom name for the counter cache.
+NOTE: You only need to specify the :counter_cache option on the `belongs_to`
+side of the association.
Counter cache columns are added to the containing model's list of read-only attributes through `attr_readonly`.
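Review bot: In the rewritten NOTE, `:counter_cache` is left without backticks while `belongs_to` gains them, and the paragraph above it writes the option name in backticks. The new paragraphs are also hard-wrapped, while the unchanged guide text around them keeps one line per paragraph; match the file's existing style.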
diff --git a/guides/source/engines.md b/guides/source/engines.md
index 84017d5e13..74b255f2cc 100644
--- a/guides/source/engines.md
+++ b/guides/source/engines.md
@@ -402,15 +402,6 @@ Finally, the assets for this resource are generated in two files:
`app/assets/stylesheets/blorgh/articles.css`. You'll see how to use these a little
later.
-By default, the scaffold styling is not applied to the engine because the
-engine's layout file, `app/views/layouts/blorgh/application.html.erb`, doesn't
-load it. To make the scaffold styling apply, insert this line into the `<head>`
-tag of this layout:
-
-```erb
-<%= stylesheet_link_tag "scaffold" %>
-```
-
You can see what the engine has so far by running `rake db:migrate` at the root
of our engine to run the migration generated by the scaffold generator, and then
running `rails server` in `test/dummy`. When you open
diff --git a/railties/CHANGELOG.md b/railties/CHANGELOG.md
index 6a14649853..da11f337ad 100644
--- a/railties/CHANGELOG.md
+++ b/railties/CHANGELOG.md
@@ -1,7 +1,7 @@
* Rename `railties/bin` to `railties/exe` to match the new Bundler executables convention.
-
+
*Islam Wazery*
-
+
* Print `bundle install` output in `rails new` as soon as it's available
Running `rails new` will now print the output of `bundle install` as