3 files changed, 12 insertions, 51 deletions

diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb
index 5ea1b2cc1a..1d286524f4 100644
--- a/actionpack/lib/action_controller/metal/strong_parameters.rb
+++ b/actionpack/lib/action_controller/metal/strong_parameters.rb
@@ -19,20 +19,6 @@ module ActionController
     end
   end
 
-  # Raised when a supplied parameter is not permitted.
-  #
-  #   params = ActionController::Parameters.new(a: "123", b: "456")
-  #   params.permit(:c)
-  #   # => ActionController::UnpermittedParameters: found unpermitted keys: a, b
-  class UnpermittedParameters < IndexError
-    attr_reader :params # :nodoc:
-
-    def initialize(params) # :nodoc:
-      @params = params
-      super("found unpermitted keys: #{params.join(", ")}")
-    end
-  end
-
   # == Action Controller \Parameters
   #
   # Allows to choose which attributes should be whitelisted for mass updating
@@ -57,14 +43,10 @@ module ActionController
   #   Person.first.update!(permitted)
   #   # => #<Person id: 1, name: "Francesco", age: 22, role: "user">
   #
-  # It provides two options that controls the top-level behavior of new instances:
-  #
-  # * +permit_all_parameters+ - If it's +true+, all the parameters will be
-  #   permitted by default. The default is +false+.
-  # * +raise_on_unpermitted_parameters+ - If it's +true+, it will raise an
-  #   ActionController::UnpermittedParameters exception if parameters that are not
-  #   explicitly permitted are found. The default value is +true+ in test and
-  #   development environments, +false+ otherwise.
+  # It provides a +permit_all_parameters+ option that controls the top-level
+  # behaviour of new instances. If it's +true+, all the parameters will be
+  # permitted by default. The default value for +permit_all_parameters+
+  # option is +false+.
   #
   #   params = ActionController::Parameters.new
   #   params.permitted? # => false
@@ -74,16 +56,6 @@ module ActionController
   #   params = ActionController::Parameters.new
   #   params.permitted? # => true
   #
-  #   params = ActionController::Parameters.new(a: "123", b: "456")
-  #   params.permit(:c)
-  #   # => {}
-  #
-  #   ActionController::Parameters.raise_on_unpermitted_parameters = true
-  #
-  #   params = ActionController::Parameters.new(a: "123", b: "456")
-  #   params.permit(:c)
-  #   # => ActionController::UnpermittedParameters: found unpermitted keys: a, b
-  #
   # <tt>ActionController::Parameters</tt> is inherited from
   # <tt>ActiveSupport::HashWithIndifferentAccess</tt>, this means
   # that you can fetch values using either <tt>:key</tt> or <tt>"key"</tt>.
@@ -93,7 +65,6 @@ module ActionController
   #   params["key"] # => "value"
   class Parameters < ActiveSupport::HashWithIndifferentAccess
     cattr_accessor :permit_all_parameters, instance_accessor: false
-    cattr_accessor :raise_on_unpermitted_parameters, instance_accessor: false
 
     # Returns a new instance of <tt>ActionController::Parameters</tt>.
     # Also, sets the +permitted+ attribute to the default value of
@@ -251,13 +222,6 @@ module ActionController
         end
       end
 
-      if Parameters.raise_on_unpermitted_parameters
-        unpermitted_keys = self.keys - params.keys
-        if unpermitted_keys.any?
-          raise ActionController::UnpermittedParameters.new(unpermitted_keys)
-        end
-      end
-
       params.permit!
     end
 
diff --git a/actionpack/lib/action_controller/railtie.rb b/actionpack/lib/action_controller/railtie.rb
index 731d66b0cf..3e44155f73 100644
--- a/actionpack/lib/action_controller/railtie.rb
+++ b/actionpack/lib/action_controller/railtie.rb
@@ -20,25 +20,22 @@ module ActionController
     end
 
     initializer "action_controller.parameters_config" do |app|
-      options = app.config.action_controller
-
-      ActionController::Parameters.permit_all_parameters = options.delete(:permit_all_parameters) { false }
-      ActionController::Parameters.raise_on_unpermitted_parameters = options.delete(:raise_on_unpermitted_parameters) { Rails.env.test? || Rails.env.development? }
+      ActionController::Parameters.permit_all_parameters = app.config.action_controller.delete(:permit_all_parameters) { false }
     end
 
     initializer "action_controller.set_configs" do |app|
       paths   = app.config.paths
       options = app.config.action_controller
 
-      options.logger            ||= Rails.logger
-      options.cache_store       ||= Rails.cache
+      options.logger               ||= Rails.logger
+      options.cache_store          ||= Rails.cache
 
-      options.javascripts_dir   ||= paths["public/javascripts"].first
-      options.stylesheets_dir   ||= paths["public/stylesheets"].first
+      options.javascripts_dir      ||= paths["public/javascripts"].first
+      options.stylesheets_dir      ||= paths["public/stylesheets"].first
 
       # Ensure readers methods get compiled
-      options.asset_host        ||= app.config.asset_host
-      options.relative_url_root ||= app.config.relative_url_root
+      options.asset_host           ||= app.config.asset_host
+      options.relative_url_root    ||= app.config.relative_url_root
 
       ActiveSupport.on_load(:action_controller) do
         include app.routes.mounted_helpers
diff --git a/actionpack/lib/action_dispatch/middleware/static.rb b/actionpack/lib/action_dispatch/middleware/static.rb
index e3b15b43b9..1c9512ad01 100644
--- a/actionpack/lib/action_dispatch/middleware/static.rb
+++ b/actionpack/lib/action_dispatch/middleware/static.rb
@@ -6,7 +6,7 @@ module ActionDispatch
     def initialize(root, cache_control)
       @root          = root.chomp('/')
       @compiled_root = /^#{Regexp.escape(root)}/
-      @file_server   = ::Rack::File.new(@root, cache_control)
+      @file_server   = ::Rack::File.new(@root, 'Cache-Control' => cache_control)
     end
 
     def match?(path)