11 files changed, 26 insertions, 87 deletions

diff --git a/actionpack/lib/action_controller/metal.rb b/actionpack/lib/action_controller/metal.rb
index 6dd213b2f7..993f8e150d 100644
--- a/actionpack/lib/action_controller/metal.rb
+++ b/actionpack/lib/action_controller/metal.rb
@@ -173,6 +173,7 @@ module ActionController
     def status
       @_status
     end
+    alias :response_code :status # :nodoc:
 
     def status=(status)
       @_status = Rack::Utils.status_code(status)
@@ -236,9 +237,5 @@ module ActionController
         lambda { |env| new.dispatch(name, klass.new(env)) }
       end
     end
-
-    def _status_code #:nodoc:
-      @_status
-    end
   end
 end
diff --git a/actionpack/lib/action_controller/metal/head.rb b/actionpack/lib/action_controller/metal/head.rb
index 3d2badf9c2..0d93e2f7aa 100644
--- a/actionpack/lib/action_controller/metal/head.rb
+++ b/actionpack/lib/action_controller/metal/head.rb
@@ -29,14 +29,14 @@ module ActionController
       self.status = status
       self.location = url_for(location) if location
 
-      if include_content?(self._status_code)
+      self.response_body = ""
+
+      if include_content?(self.response_code)
         self.content_type = content_type || (Mime[formats.first] if formats)
         self.response.charset = false if self.response
-        self.response_body = " "
       else
         headers.delete('Content-Type')
         headers.delete('Content-Length')
-        self.response_body = ""
       end
     end
 
diff --git a/actionpack/lib/action_controller/metal/http_authentication.rb b/actionpack/lib/action_controller/metal/http_authentication.rb
index fd578d60ca..a219d35b25 100644
--- a/actionpack/lib/action_controller/metal/http_authentication.rb
+++ b/actionpack/lib/action_controller/metal/http_authentication.rb
@@ -53,10 +53,8 @@ module ActionController
     # In your integration tests, you can do something like this:
     #
     #   def test_access_granted_from_xml
-    #     get(
-    #       "/notes/1.xml", nil,
-    #       'HTTP_AUTHORIZATION' => ActionController::HttpAuthentication::Basic.encode_credentials(users(:dhh).name, users(:dhh).password)
-    #     )
+    #     @request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials(users(:dhh).name, users(:dhh).password)
+    #     get "/notes/1.xml"
     #
     #     assert_equal 200, status
     #   end
diff --git a/actionpack/lib/action_controller/metal/instrumentation.rb b/actionpack/lib/action_controller/metal/instrumentation.rb
index bef7545e71..a3e1a71b0a 100644
--- a/actionpack/lib/action_controller/metal/instrumentation.rb
+++ b/actionpack/lib/action_controller/metal/instrumentation.rb
@@ -28,10 +28,13 @@ module ActionController
       ActiveSupport::Notifications.instrument("start_processing.action_controller", raw_payload.dup)
 
       ActiveSupport::Notifications.instrument("process_action.action_controller", raw_payload) do |payload|
-        result = super
-        payload[:status] = response.status
-        append_info_to_payload(payload)
-        result
+        begin
+          result = super
+          payload[:status] = response.status
+          result
+        ensure
+          append_info_to_payload(payload)
+        end
       end
     end
 
diff --git a/actionpack/lib/action_controller/metal/mime_responds.rb b/actionpack/lib/action_controller/metal/mime_responds.rb
index ac1f209232..7dae171215 100644
--- a/actionpack/lib/action_controller/metal/mime_responds.rb
+++ b/actionpack/lib/action_controller/metal/mime_responds.rb
@@ -1,28 +1,7 @@
-require 'active_support/core_ext/array/extract_options'
 require 'abstract_controller/collector'
 
 module ActionController #:nodoc:
   module MimeResponds
-    extend ActiveSupport::Concern
-
-    module ClassMethods
-      def respond_to(*)
-        raise NoMethodError, "The controller-level `respond_to' feature has " \
-          "been extracted to the `responders` gem. Add it to your Gemfile to " \
-          "continue using this feature:\n" \
-          "  gem 'responders', '~> 2.0'\n" \
-          "Consult the Rails upgrade guide for details."
-      end
-    end
-
-    def respond_with(*)
-      raise NoMethodError, "The `respond_with' feature has been extracted " \
-        "to the `responders` gem. Add it to your Gemfile to continue using " \
-        "this feature:\n" \
-        "  gem 'responders', '~> 2.0'\n" \
-        "Consult the Rails upgrade guide for details."
-    end
-
     # Without web-service support, an action which collects the data for displaying a list of people
     # might look something like this:
     #
diff --git a/actionpack/lib/action_controller/metal/params_wrapper.rb b/actionpack/lib/action_controller/metal/params_wrapper.rb
index b44493ff7c..a7e734db42 100644
--- a/actionpack/lib/action_controller/metal/params_wrapper.rb
+++ b/actionpack/lib/action_controller/metal/params_wrapper.rb
@@ -1,7 +1,6 @@
 require 'active_support/core_ext/hash/slice'
 require 'active_support/core_ext/hash/except'
 require 'active_support/core_ext/module/anonymous'
-require 'active_support/core_ext/struct'
 require 'action_dispatch/http/mime_type'
 
 module ActionController
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
index fd20682f8f..d1fab27e17 100644
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -209,6 +209,7 @@ module ActionController #:nodoc:
         forgery_protection_strategy.new(self).handle_unverified_request
       end
 
+      #:nodoc:
       CROSS_ORIGIN_JAVASCRIPT_WARNING = "Security warning: an embedded " \
         "<script> tag on another site requested protected JavaScript. " \
         "If you know what you're doing, go ahead and disable forgery " \
diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb
index f08c84de5b..01bbd749c1 100644
--- a/actionpack/lib/action_controller/metal/strong_parameters.rb
+++ b/actionpack/lib/action_controller/metal/strong_parameters.rb
@@ -92,7 +92,11 @@ module ActionController
   #   params.permit(:c)
   #   # => ActionController::UnpermittedParameters: found unpermitted keys: a, b
   #
-  # <tt>ActionController::Parameters</tt> is inherited from
+  # Please note that these options *are not thread-safe*. In a multi-threaded
+  # environment they should only be set once at boot-time and never mutated at
+  # runtime.
+  #
+  # <tt>ActionController::Parameters</tt> inherits from
   # <tt>ActiveSupport::HashWithIndifferentAccess</tt>, this means
   # that you can fetch values using either <tt>:key</tt> or <tt>"key"</tt>.
   #
@@ -100,6 +104,7 @@ module ActionController
   #   params[:key]  # => "value"
   #   params["key"] # => "value"
   class Parameters < ActiveSupport::HashWithIndifferentAccess
+    cattr_accessor :permit_all_parameters, instance_accessor: false
     cattr_accessor :action_on_unpermitted_parameters, instance_accessor: false
 
     # By default, never raise an UnpermittedParameters exception if these
@@ -122,16 +127,6 @@ module ActionController
       always_permitted_parameters
     end
 
-    # Returns the value of +permit_all_parameters+.
-    def self.permit_all_parameters
-      Thread.current[:action_controller_permit_all_parameters]
-    end
-
-    # Sets the value of +permit_all_parameters+.
-    def self.permit_all_parameters=(value)
-      Thread.current[:action_controller_permit_all_parameters] = value
-    end
-
     # Returns a new instance of <tt>ActionController::Parameters</tt>.
     # Also, sets the +permitted+ attribute to the default value of
     # <tt>ActionController::Parameters.permit_all_parameters</tt>.
diff --git a/actionpack/lib/action_controller/metal/url_for.rb b/actionpack/lib/action_controller/metal/url_for.rb
index 0f2fa5fb08..572d1770f7 100644
--- a/actionpack/lib/action_controller/metal/url_for.rb
+++ b/actionpack/lib/action_controller/metal/url_for.rb
@@ -30,9 +30,9 @@ module ActionController
         :_recall => request.path_parameters
       }.merge!(super).freeze
 
-      if (same_origin = _routes.equal?(env["action_dispatch.routes".freeze])) ||
-         (script_name = env["ROUTES_#{_routes.object_id}_SCRIPT_NAME"]) ||
-         (original_script_name = env['ORIGINAL_SCRIPT_NAME'.freeze])
+      if (same_origin = _routes.equal?(request.routes)) ||
+         (script_name = request.engine_script_name(_routes)) ||
+         (original_script_name = request.original_script_name)
 
         options = @_url_options.dup
         if original_script_name
diff --git a/actionpack/lib/action_controller/model_naming.rb b/actionpack/lib/action_controller/model_naming.rb
deleted file mode 100644
index 2b33f67263..0000000000
--- a/actionpack/lib/action_controller/model_naming.rb
+++ /dev/null
@@ -1,12 +0,0 @@
-module ActionController
-  module ModelNaming
-    # Converts the given object to an ActiveModel compliant one.
-    def convert_to_model(object)
-      object.respond_to?(:to_model) ? object.to_model : object
-    end
-
-    def model_name_from_record_or_class(record_or_class)
-      convert_to_model(record_or_class).model_name
-    end
-  end
-end
diff --git a/actionpack/lib/action_controller/test_case.rb b/actionpack/lib/action_controller/test_case.rb
index b9172f8fa3..2e6c58b83a 100644
--- a/actionpack/lib/action_controller/test_case.rb
+++ b/actionpack/lib/action_controller/test_case.rb
@@ -2,7 +2,6 @@ require 'rack/session/abstract/id'
 require 'active_support/core_ext/object/to_query'
 require 'active_support/core_ext/module/anonymous'
 require 'active_support/core_ext/hash/keys'
-require 'active_support/deprecation'
 
 require 'rails-dom-testing'
 
@@ -67,7 +66,8 @@ module ActionController
 
     def reset_template_assertion
       RENDER_TEMPLATE_INSTANCE_VARIABLES.each do |instance_variable|
-        instance_variable_get("@_#{instance_variable}").clear
+        ivar = instance_variable_get("@_#{instance_variable}")
+        ivar.clear if ivar
       end
     end
 
@@ -713,28 +713,7 @@ module ActionController
             :relative_url_root => nil,
             :_recall => @request.path_parameters)
 
-          if route_name = options.delete(:use_route)
-            ActiveSupport::Deprecation.warn <<-MSG.squish
-              Passing the `use_route` option in functional tests are deprecated.
-              Support for this option in the `process` method (and the related
-              `get`, `head`, `post`, `patch`, `put` and `delete` helpers) will
-              be removed in the next version without replacement.
-
-              Functional tests are essentially unit tests for controllers and
-              they should not require knowledge to how the application's routes
-              are configured. Instead, you should explicitly pass the appropiate
-              params to the `process` method.
-
-              Previously the engines guide also contained an incorrect example
-              that recommended using this option to test an engine's controllers
-              within the dummy application. That recommendation was incorrect
-              and has since been corrected. Instead, you should override the
-              `@routes` variable in the test case with `Foo::Engine.routes`. See
-              the updated engines guide for details.
-            MSG
-          end
-
-          url, query_string = @routes.path_for(options, route_name).split("?", 2)
+          url, query_string = @routes.path_for(options).split("?", 2)
 
           @request.env["SCRIPT_NAME"] = @controller.config.relative_url_root
           @request.env["PATH_INFO"] = url