1 files changed, 93 insertions, 28 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md
index 4f95a9bab9..93f75ba635 100644
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
@@ -1,3 +1,72 @@
+*   Add `ActionController::Parameters#include?`
+
+    *Justin Coyne*
+
+## Rails 5.0.0.beta1 (December 18, 2015) ##
+
+*   Deprecate `redirect_to :back` in favor of `redirect_back`, which accepts a
+    required `fallback_location` argument, thus eliminating the possibility of a
+    `RedirectBackError`.
+
+    *Derek Prior*
+
+*   Add `redirect_back` method to `ActionController::Redirecting` to provide a
+    way to safely redirect to the `HTTP_REFERER` if it is present, falling back
+    to a provided redirect otherwise.
+
+    *Derek Prior*
+
+*   `ActionController::TestCase` will be moved to it's own gem in Rails 5.1
+
+    With the speed improvements made to `ActionDispatch::IntegrationTest` we no
+    longer need to keep two separate code bases for testing controllers. In
+    Rails 5.1 `ActionController::TestCase` will be deprecated and moved into a
+    gem outside of Rails source.
+
+    This is a documentation deprecation so that going forward so new tests will use
+    `ActionDispatch::IntegrationTest` instead of `ActionController::TestCase`.
+
+    *Eileen M. Uchitelle*
+
+*   Add a `response_format` option to `ActionDispatch::DebugExceptions`
+    to configure the format of the response when errors occur in
+    development mode.
+
+    If `response_format` is `:default` the debug info will be rendered
+    in an HTML page. In the other hand, if the provided value is `:api`
+    the debug info will be rendered in the original response format.
+
+    *Jorge Bejar*
+
+*   Change the `protect_from_forgery` prepend default to `false`.
+
+    Per this comment
+    https://github.com/rails/rails/pull/18334#issuecomment-69234050 we want
+    `protect_from_forgery` to default to `prepend: false`.
+
+    `protect_from_forgery` will now be insterted into the callback chain at the
+    point it is called in your application. This is useful for cases where you
+    want to `protect_from_forgery` after you perform required authentication
+    callbacks or other callbacks that are required to run after forgery protection.
+
+    If you want `protect_from_forgery` callbacks to always run first, regardless of
+    position they are called in your application then you can add `prepend: true`
+    to your `protect_from_forgery` call.
+
+    Example:
+
+    ```ruby
+    protect_from_forgery prepend: true
+    ```
+
+    *Eileen M. Uchitelle*
+
+*   In url_for, never append a question mark to the URL when the query string
+    is empty anyway.  (It used to do that when called like `url_for(controller:
+    'x', action: 'y', q: {})`.)
+
+    *Paul Grayson*
+
 *   Catch invalid UTF-8 querystring values and respond with BadRequest
 
     Check querystring params for invalid UTF-8 characters, and raise an
@@ -17,31 +86,29 @@
 
     *Agis Anastasopoulos*
 
-*   Deprecate `config.static_cache_control` in favor of
-    `config.public_file_server.headers`
-
-    *Yuki Nishijima*
-
-*   Add the ability of returning arbitrary headers to ActionDispatch::Static
+*   Add the ability of returning arbitrary headers to `ActionDispatch::Static`.
 
     Now ActionDispatch::Static can accept HTTP headers so that developers
     will have control of returning arbitrary headers like
     'Access-Control-Allow-Origin' when a response is delivered. They can be
     configured with `#config`:
 
-      config.public_file_server.headers = {
-        "Cache-Control"               => "public, max-age=60",
-        "Access-Control-Allow-Origin" => "http://rubyonrails.org"
-      }
+    Example:
+
+        config.public_file_server.headers = {
+          "Cache-Control"               => "public, max-age=60",
+          "Access-Control-Allow-Origin" => "http://rubyonrails.org"
+        }
 
     *Yuki Nishijima*
 
 *   Allow multiple `root` routes in same scope level. Example:
 
-    ```ruby
-    root 'blog#show', constraints: ->(req) { Hostname.blog_site?(req.host) }
-    root 'landing#show'
-    ```
+    Example:
+
+        root 'blog#show', constraints: ->(req) { Hostname.blog_site?(req.host) }
+        root 'landing#show'
+
     *Rafael Sales*
 
 *   Fix regression in mounted engine named routes generation for app deployed to
@@ -52,12 +119,12 @@
 
     *Matthew Erhard*
 
-*   ActionDispatch::Response#new no longer applies default headers.  If you want
+*   `ActionDispatch::Response#new` no longer applies default headers. If you want
     default headers applied to the response object, then call
-    `ActionDispatch::Response.create`.  This change only impacts people who are
+    `ActionDispatch::Response.create`. This change only impacts people who are
     directly constructing an `ActionDispatch::Response` object.
 
-*   Accessing mime types via constants like `Mime::HTML` is deprecated.  Please
+*   Accessing mime types via constants like `Mime::HTML` is deprecated. Please
     change code like this:
 
       Mime::HTML
@@ -110,7 +177,7 @@
 
     *Jeremy Friesen*
 
-*   Using strings or symbols for middleware class names is deprecated.  Convert
+*   Using strings or symbols for middleware class names is deprecated. Convert
     things like this:
 
       middleware.use "Foo::Bar"
@@ -119,10 +186,10 @@
 
       middleware.use Foo::Bar
 
-*   ActionController::TestSession now accepts a default value as well as
+*   `ActionController::TestSession` now accepts a default value as well as
     a block for generating a default value based off the key provided.
 
-    This fixes calls to session#fetch in ApplicationController instances that
+    This fixes calls to `session#fetch` in `ApplicationController` instances that
     take more two arguments or a block from raising `ArgumentError: wrong
     number of arguments (2 for 1)` when performing controller tests.
 
@@ -173,10 +240,10 @@
     *Grey Baker*
 
 *   Add support for API only apps.
-    ActionController::API is added as a replacement of
-    ActionController::Base for this kind of applications.
+    `ActionController::API` is added as a replacement of
+    `ActionController::Base` for this kind of applications.
 
-    *Santiago Pastorino & Jorge Bejar*
+    *Santiago Pastorino*, *Jorge Bejar*
 
 *   Remove `assigns` and `assert_template`. Both methods have been extracted
     into a gem at https://github.com/rails/rails-controller-testing.
@@ -259,7 +326,7 @@
 
     *Peter Schröder*
 
-*   Drop request class from RouteSet constructor.
+*   Drop request class from `RouteSet` constructor.
 
     If you would like to use a custom request class, please subclass and implement
     the `request_class` method.
@@ -288,7 +355,7 @@
 
     *Jeremy Kemper*, *Yves Senn*
 
-*   Deprecate AbstractController#skip_action_callback in favor of individual skip_callback methods
+*   Deprecate `AbstractController#skip_action_callback` in favor of individual skip_callback methods
     (which can be made to raise an error if no callback was removed).
 
     *Iain Beeston*
@@ -494,9 +561,7 @@
     Fixes an issue where when an exception is raised in the request the additional
     payload data is not available.
 
-    See:
-    * #14903
-    * https://github.com/roidrage/lograge/issues/37
+    See #14903.
 
     *Dieter Komendera*, *Margus Pärt*