6 files changed, 49 insertions, 37 deletions

diff --git a/actionpack/lib/action_dispatch/http/mime_negotiation.rb b/actionpack/lib/action_dispatch/http/mime_negotiation.rb
index 7acf91902d..e9b25339dc 100644
--- a/actionpack/lib/action_dispatch/http/mime_negotiation.rb
+++ b/actionpack/lib/action_dispatch/http/mime_negotiation.rb
@@ -69,6 +69,8 @@ module ActionDispatch
             Array(Mime[parameters[:format]])
           elsif use_accept_header && valid_accept_header
             accepts
+          elsif extension_format = format_from_path_extension
+            [extension_format]
           elsif xhr?
             [Mime[:js]]
           else
@@ -160,6 +162,13 @@ module ActionDispatch
       def use_accept_header
         !self.class.ignore_accept_header
       end
+
+      def format_from_path_extension
+        path = @env['action_dispatch.original_path'] || @env['PATH_INFO']
+        if match = path && path.match(/\.(\w+)\z/)
+          Mime[match.captures.first]
+        end
+      end
     end
   end
 end
diff --git a/actionpack/lib/action_dispatch/http/mime_type.rb b/actionpack/lib/action_dispatch/http/mime_type.rb
index 95094c25c0..b8d395854c 100644
--- a/actionpack/lib/action_dispatch/http/mime_type.rb
+++ b/actionpack/lib/action_dispatch/http/mime_type.rb
@@ -1,7 +1,6 @@
 require 'singleton'
 require 'active_support/core_ext/module/attribute_accessors'
 require 'active_support/core_ext/string/starts_ends_with'
-require 'active_support/deprecation'
 
 module Mime
   class Mimes
@@ -48,15 +47,10 @@ module Mime
     def const_missing(sym)
       ext = sym.downcase
       if Mime[ext]
-        ActiveSupport::Deprecation.warn <<-eow
-Accessing mime types via constants is deprecated.  Please change:
-
-  `Mime::#{sym}`
-
-to:
-
-  `Mime[:#{ext}]`
-        eow
+        ActiveSupport::Deprecation.warn(<<-MSG.squish)
+          Accessing mime types via constants is deprecated.
+          Please change `Mime::#{sym}` to `Mime[:#{ext}]`.
+        MSG
         Mime[ext]
       else
         super
@@ -66,15 +60,10 @@ to:
     def const_defined?(sym, inherit = true)
       ext = sym.downcase
       if Mime[ext]
-        ActiveSupport::Deprecation.warn <<-eow
-Accessing mime types via constants is deprecated.  Please change:
-
-  `Mime.const_defined?(#{sym})`
-
-to:
-
-  `Mime[:#{ext}]`
-        eow
+        ActiveSupport::Deprecation.warn(<<-MSG.squish)
+          Accessing mime types via constants is deprecated.
+          Please change `Mime.const_defined?(#{sym})` to `Mime[:#{ext}]`.
+        MSG
         true
       else
         super
diff --git a/actionpack/lib/action_dispatch/http/parameters.rb b/actionpack/lib/action_dispatch/http/parameters.rb
index 248ecfd676..cca7376ffa 100644
--- a/actionpack/lib/action_dispatch/http/parameters.rb
+++ b/actionpack/lib/action_dispatch/http/parameters.rb
@@ -43,7 +43,7 @@ module ActionDispatch
       #
       #   {'action' => 'my_action', 'controller' => 'my_controller'}
       def path_parameters
-        get_header(PARAMETERS_KEY) || {}
+        get_header(PARAMETERS_KEY) || set_header(PARAMETERS_KEY, {})
       end
 
       private
@@ -55,11 +55,11 @@ module ActionDispatch
 
         begin
           strategy.call(raw_post)
-        rescue => e # JSON or Ruby code block errors
+        rescue # JSON or Ruby code block errors
           my_logger = logger || ActiveSupport::Logger.new($stderr)
           my_logger.debug "Error occurred while parsing request parameters.\nContents:\n\n#{raw_post}"
 
-          raise ParamsParser::ParseError.new(e.message, e)
+          raise ParamsParser::ParseError
         end
       end
 
diff --git a/actionpack/lib/action_dispatch/http/request.rb b/actionpack/lib/action_dispatch/http/request.rb
index bf20a33d36..29cf821090 100644
--- a/actionpack/lib/action_dispatch/http/request.rb
+++ b/actionpack/lib/action_dispatch/http/request.rb
@@ -36,8 +36,8 @@ module ActionDispatch
         HTTP_ACCEPT HTTP_ACCEPT_CHARSET HTTP_ACCEPT_ENCODING
         HTTP_ACCEPT_LANGUAGE HTTP_CACHE_CONTROL HTTP_FROM
         HTTP_NEGOTIATE HTTP_PRAGMA HTTP_CLIENT_IP
-        HTTP_X_FORWARDED_FOR HTTP_VERSION
-        HTTP_X_REQUEST_ID HTTP_X_FORWARDED_HOST
+        HTTP_X_FORWARDED_FOR HTTP_ORIGIN HTTP_VERSION
+        HTTP_X_CSRF_TOKEN HTTP_X_REQUEST_ID HTTP_X_FORWARDED_HOST
         SERVER_ADDR
         ].freeze
 
@@ -49,6 +49,10 @@ module ActionDispatch
       METHOD
     end
 
+    def self.empty
+      new({})
+    end
+
     def initialize(env)
       super
       @method            = nil
@@ -59,13 +63,16 @@ module ActionDispatch
       @ip                = nil
     end
 
+    def commit_cookie_jar! # :nodoc:
+    end
+
     def check_path_parameters!
       # If any of the path parameters has an invalid encoding then
       # raise since it's likely to trigger errors further on.
       path_parameters.each do |key, value|
         next unless value.respond_to?(:valid_encoding?)
         unless value.valid_encoding?
-          raise ActionController::BadRequest, "Invalid parameter: #{key} => #{value}"
+          raise ActionController::BadRequest, "Invalid parameter encoding: #{key} => #{value.inspect}"
         end
       end
     end
@@ -306,10 +313,16 @@ module ActionDispatch
       end
     end
 
-    # Returns true if the request's content MIME type is
-    # +application/x-www-form-urlencoded+ or +multipart/form-data+.
+    # Determine whether the request body contains form-data by checking
+    # the request Content-Type for one of the media-types:
+    # "application/x-www-form-urlencoded" or "multipart/form-data". The
+    # list of form-data media types can be modified through the
+    # +FORM_DATA_MEDIA_TYPES+ array.
+    #
+    # A request body is not assumed to contain form-data when no
+    # Content-Type header is provided and the request_method is POST.
     def form_data?
-      FORM_DATA_MEDIA_TYPES.include?(content_mime_type.to_s)
+      FORM_DATA_MEDIA_TYPES.include?(media_type)
     end
 
     def body_stream #:nodoc:
@@ -338,10 +351,13 @@ module ActionDispatch
     # Override Rack's GET method to support indifferent access
     def GET
       fetch_header("action_dispatch.request.query_parameters") do |k|
-        set_header k, Request::Utils.normalize_encode_params(super || {})
+        rack_query_params = super || {}
+        # Check for non UTF-8 parameter values, which would cause errors later
+        Request::Utils.check_param_encoding(rack_query_params)
+        set_header k, Request::Utils.normalize_encode_params(rack_query_params)
       end
     rescue Rack::Utils::ParameterTypeError, Rack::Utils::InvalidParameterError => e
-      raise ActionController::BadRequest.new(:query, e)
+      raise ActionController::BadRequest.new("Invalid query parameters: #{e.message}")
     end
     alias :query_parameters :GET
 
@@ -357,7 +373,7 @@ module ActionDispatch
       self.request_parameters = Request::Utils.normalize_encode_params(super || {})
       raise
     rescue Rack::Utils::ParameterTypeError, Rack::Utils::InvalidParameterError => e
-      raise ActionController::BadRequest.new(:request, e)
+      raise ActionController::BadRequest.new("Invalid request parameters: #{e.message}")
     end
     alias :request_parameters :POST
 
diff --git a/actionpack/lib/action_dispatch/http/response.rb b/actionpack/lib/action_dispatch/http/response.rb
index c54efb6541..9b11111a67 100644
--- a/actionpack/lib/action_dispatch/http/response.rb
+++ b/actionpack/lib/action_dispatch/http/response.rb
@@ -149,7 +149,6 @@ module ActionDispatch # :nodoc:
 
       self.body, self.status = body, status
 
-      @blank        = false
       @cv           = new_cond
       @committed    = false
       @sending      = false
@@ -287,12 +286,8 @@ module ActionDispatch # :nodoc:
       @stream.write string
     end
 
-    EMPTY = " "
-
     # Allows you to manually set or override the response body.
     def body=(body)
-      @blank = true if body == EMPTY
-
       if body.respond_to?(:to_path)
         @stream = body
       else
@@ -417,6 +412,8 @@ module ActionDispatch # :nodoc:
     end
 
     def before_sending
+      headers.freeze
+      request.commit_cookie_jar! unless committed?
     end
 
     def build_buffer(response, body)
diff --git a/actionpack/lib/action_dispatch/http/url.rb b/actionpack/lib/action_dispatch/http/url.rb
index 92b10b6d3b..37f41ae988 100644
--- a/actionpack/lib/action_dispatch/http/url.rb
+++ b/actionpack/lib/action_dispatch/http/url.rb
@@ -81,7 +81,8 @@ module ActionDispatch
         def add_params(path, params)
           params = { params: params } unless params.is_a?(Hash)
           params.reject! { |_,v| v.to_param.nil? }
-          path << "?#{params.to_query}" unless params.empty?
+          query = params.to_query
+          path << "?#{query}" unless query.empty?
         end
 
         def add_anchor(path, anchor)