7 files changed, 44 insertions, 11 deletions

diff --git a/actionpack/lib/action_controller/metal/head.rb b/actionpack/lib/action_controller/metal/head.rb
index 43407f5b78..84a9112144 100644
--- a/actionpack/lib/action_controller/metal/head.rb
+++ b/actionpack/lib/action_controller/metal/head.rb
@@ -27,7 +27,7 @@ module ActionController
       self.status = status
       self.location = url_for(location) if location
 
-      if include_content?(self.status)
+      if include_content?(self._status_code)
         self.content_type = content_type || (Mime[formats.first] if formats)
         self.response.charset = false if self.response
         self.response_body = " "
diff --git a/actionpack/lib/action_controller/metal/http_authentication.rb b/actionpack/lib/action_controller/metal/http_authentication.rb
index 2eb7853aa6..3111992f82 100644
--- a/actionpack/lib/action_controller/metal/http_authentication.rb
+++ b/actionpack/lib/action_controller/metal/http_authentication.rb
@@ -90,17 +90,29 @@ module ActionController
       end
 
       def authenticate(request, &login_procedure)
-        unless request.authorization.blank?
+        if has_basic_credentials?(request)
           login_procedure.call(*user_name_and_password(request))
         end
       end
 
+      def has_basic_credentials?(request)
+        request.authorization.present? && (auth_scheme(request) == 'Basic')
+      end
+
       def user_name_and_password(request)
         decode_credentials(request).split(':', 2)
       end
 
       def decode_credentials(request)
-        ::Base64.decode64(request.authorization.split(' ', 2).last || '')
+        ::Base64.decode64(auth_param(request) || '')
+      end
+
+      def auth_scheme(request)
+        request.authorization.split(' ', 2).first
+      end
+
+      def auth_param(request)
+        request.authorization.split(' ', 2).second
       end
 
       def encode_credentials(user_name, password)
diff --git a/actionpack/lib/action_controller/metal/live.rb b/actionpack/lib/action_controller/metal/live.rb
index acf40b2e16..4c0554d27b 100644
--- a/actionpack/lib/action_controller/metal/live.rb
+++ b/actionpack/lib/action_controller/metal/live.rb
@@ -102,7 +102,8 @@ module ActionController
             end
           end
 
-          @stream.write "data: #{json}\n\n"
+          message = json.gsub("\n", "\ndata: ")
+          @stream.write "data: #{message}\n\n"
         end
     end
 
diff --git a/actionpack/lib/action_controller/metal/rack_delegation.rb b/actionpack/lib/action_controller/metal/rack_delegation.rb
index bdf6e88699..6921834044 100644
--- a/actionpack/lib/action_controller/metal/rack_delegation.rb
+++ b/actionpack/lib/action_controller/metal/rack_delegation.rb
@@ -6,7 +6,7 @@ module ActionController
     extend ActiveSupport::Concern
 
     delegate :headers, :status=, :location=, :content_type=,
-             :status, :location, :content_type, :to => "@_response"
+             :status, :location, :content_type, :_status_code, :to => "@_response"
 
     def dispatch(action, request)
       set_response!(request)
diff --git a/actionpack/lib/action_controller/metal/redirecting.rb b/actionpack/lib/action_controller/metal/redirecting.rb
index 2812038938..136e086d0d 100644
--- a/actionpack/lib/action_controller/metal/redirecting.rb
+++ b/actionpack/lib/action_controller/metal/redirecting.rb
@@ -14,7 +14,7 @@ module ActionController
     include ActionController::RackDelegation
     include ActionController::UrlFor
 
-    # Redirects the browser to the target specified in +options+. This parameter can take one of three forms:
+    # Redirects the browser to the target specified in +options+. This parameter can be any one of:
     #
     # * <tt>Hash</tt> - The URL will be generated by calling url_for with the +options+.
     # * <tt>Record</tt> - The URL will be generated by calling url_for with the +options+, which will reference a named URL for that record.
@@ -24,6 +24,8 @@ module ActionController
     # * <tt>:back</tt> - Back to the page that issued the request. Useful for forms that are triggered from multiple places.
     #   Short-hand for <tt>redirect_to(request.env["HTTP_REFERER"])</tt>
     #
+    # === Examples:
+    #
     #   redirect_to action: "show", id: 5
     #   redirect_to post
     #   redirect_to "http://www.rubyonrails.org"
@@ -32,7 +34,7 @@ module ActionController
     #   redirect_to :back
     #   redirect_to proc { edit_post_url(@post) }
     #
-    # The redirection happens as a "302 Found" header unless otherwise specified.
+    # The redirection happens as a "302 Found" header unless otherwise specified using the <tt>:status</tt> option:
     #
     #   redirect_to post_url(@post), status: :found
     #   redirect_to action: 'atom', status: :moved_permanently
@@ -60,8 +62,10 @@ module ActionController
     #   redirect_to post_url(@post), status: 301, flash: { updated_post_id: @post.id }
     #   redirect_to({ action: 'atom' }, alert: "Something serious happened")
     #
-    # When using <tt>redirect_to :back</tt>, if there is no referrer, ActionController::RedirectBackError will be raised. You may specify some fallback
-    # behavior for this case by rescuing ActionController::RedirectBackError.
+    # When using <tt>redirect_to :back</tt>, if there is no referrer,
+    # <tt>ActionController::RedirectBackError</tt> will be raised. You
+    # may specify some fallback behavior for this case by rescuing
+    # <tt>ActionController::RedirectBackError</tt>.
     def redirect_to(options = {}, response_status = {}) #:doc:
       raise ActionControllerError.new("Cannot redirect to nil!") unless options
       raise AbstractController::DoubleRenderError if response_body
diff --git a/actionpack/lib/action_controller/metal/renderers.rb b/actionpack/lib/action_controller/metal/renderers.rb
index 0443b73953..29ce5abd55 100644
--- a/actionpack/lib/action_controller/metal/renderers.rb
+++ b/actionpack/lib/action_controller/metal/renderers.rb
@@ -6,6 +6,11 @@ module ActionController
     Renderers.add(key, &block)
   end
 
+  # See <tt>Renderers.remove</tt>
+  def self.remove_renderer(key)
+    Renderers.remove(key)
+  end
+
   class MissingRenderer < LoadError
     def initialize(format)
       super "No renderer defined for format: #{format}"
@@ -83,6 +88,17 @@ module ActionController
       RENDERERS << key.to_sym
     end
 
+    # This method is the opposite of add method.
+    #
+    # Usage:
+    #
+    #   ActionController::Renderers.remove(:csv)
+    def self.remove(key)
+      RENDERERS.delete(key.to_sym)
+      method = "_render_option_#{key}"
+      remove_method(method) if method_defined?(method)
+    end
+
     module All
       extend ActiveSupport::Concern
       include Renderers
diff --git a/actionpack/lib/action_controller/metal/url_for.rb b/actionpack/lib/action_controller/metal/url_for.rb
index 37d4a96ee1..89c3545323 100644
--- a/actionpack/lib/action_controller/metal/url_for.rb
+++ b/actionpack/lib/action_controller/metal/url_for.rb
@@ -23,12 +23,12 @@ module ActionController
     include AbstractController::UrlFor
 
     def url_options
-      @_url_options ||= super.reverse_merge(
+      @_url_options ||= {
         :host => request.host,
         :port => request.optional_port,
         :protocol => request.protocol,
         :_recall => request.symbolized_path_parameters
-      ).freeze
+      }.merge(super).freeze
 
       if (same_origin = _routes.equal?(env["action_dispatch.routes".freeze])) ||
          (script_name = env["ROUTES_#{_routes.object_id}_SCRIPT_NAME"]) ||