6 files changed, 36 insertions, 8 deletions
diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb
index bf5c7003ff..903dba3eb4 100644
--- a/actionpack/lib/action_controller/metal/strong_parameters.rb
+++ b/actionpack/lib/action_controller/metal/strong_parameters.rb
@@ -97,9 +97,8 @@ module ActionController
   # environment they should only be set once at boot-time and never mutated at
   # runtime.
   #
-  # <tt>ActionController::Parameters</tt> inherits from
-  # <tt>ActiveSupport::HashWithIndifferentAccess</tt>, this means
-  # that you can fetch values using either <tt>:key</tt> or <tt>"key"</tt>.
+  # You can fetch values of <tt>ActionController::Parameters</tt> using either
+  # <tt>:key</tt> or <tt>"key"</tt>.
   #
   #   params = ActionController::Parameters.new(key: 'value')
   #   params[:key]  # => "value"
diff --git a/actionpack/lib/action_controller/test_case.rb b/actionpack/lib/action_controller/test_case.rb
index 472bb74add..fbbaa1a887 100644
--- a/actionpack/lib/action_controller/test_case.rb
+++ b/actionpack/lib/action_controller/test_case.rb
@@ -78,7 +78,9 @@ module ActionController
           # params parser middleware, and we should remove this roundtripping
           # when we switch to caling `call` on the controller
 
-          case content_mime_type.ref
+          case content_mime_type.to_sym
+          when nil
+            raise "Unknown Content-Type: #{content_type}"
           when :json
             data = ActiveSupport::JSON.encode(non_path_parameters)
             params = ActiveSupport::JSON.decode(data).with_indifferent_access
@@ -90,7 +92,8 @@ module ActionController
           when :url_encoded_form
             data = non_path_parameters.to_query
           else
-            raise "Unknown Content-Type: #{content_type}"
+            data = non_path_parameters.to_query
+            self.request_parameters = non_path_parameters
           end
         end
 
diff --git a/actionpack/lib/action_dispatch/http/response.rb b/actionpack/lib/action_dispatch/http/response.rb
index d1e1f1fcf6..45ffacd6f5 100644
--- a/actionpack/lib/action_dispatch/http/response.rb
+++ b/actionpack/lib/action_dispatch/http/response.rb
@@ -402,7 +402,7 @@ module ActionDispatch # :nodoc:
     end
 
     def rack_response(status, header)
-      if NO_CONTENT_CODES.include?(@status)
+      if NO_CONTENT_CODES.include?(status)
         header.delete CONTENT_TYPE
         header.delete 'Content-Length'
         [status, header, []]
diff --git a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
index 3f7011d100..02b6cfe727 100644
--- a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
+++ b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
@@ -53,7 +53,7 @@ module ActionDispatch
     #
     # Note that changing the secret key will invalidate all existing sessions!
     #
-    # Because CookieStore extends Rack::Session::Abstract::ID, many of the
+    # Because CookieStore extends Rack::Session::Abstract::Persisted, many of the
     # options described there can be used to customize the session cookie that
     # is generated. For example:
     #
diff --git a/actionpack/lib/action_dispatch/middleware/ssl.rb b/actionpack/lib/action_dispatch/middleware/ssl.rb
index b72953f1d1..47f475559a 100644
--- a/actionpack/lib/action_dispatch/middleware/ssl.rb
+++ b/actionpack/lib/action_dispatch/middleware/ssl.rb
@@ -15,7 +15,8 @@ module ActionDispatch
   #
   # Configure HSTS with `hsts: { … }`:
   #   * `expires`: How long, in seconds, these settings will stick. Defaults to
-  #     `18.weeks`, the minimum required to qualify for browser preload lists.
+  #     `180.days` (recommended). The minimum required to qualify for browser
+  #     preload lists is `18.weeks`.
   #   * `subdomains`: Set to `true` to tell the browser to apply these settings
   #     to all subdomains. This protects your cookies from interception by a
   #     vulnerable site on a subdomain. Defaults to `false`.
diff --git a/actionpack/test/controller/test_case_test.rb b/actionpack/test/controller/test_case_test.rb
index b3c3979c84..06bf9dec74 100644
--- a/actionpack/test/controller/test_case_test.rb
+++ b/actionpack/test/controller/test_case_test.rb
@@ -627,6 +627,31 @@ XML
     assert_equal "application/json", parsed_env["CONTENT_TYPE"]
   end
 
+  def test_mutating_content_type_headers_for_plain_text_files_sets_the_header
+    @request.headers['Content-Type'] = 'text/plain'
+    post :render_body, params: { name: 'foo.txt' }
+
+    assert_equal 'text/plain', @request.headers['Content-type']
+    assert_equal 'foo.txt', @request.request_parameters[:name]
+    assert_equal 'render_body', @request.path_parameters[:action]
+  end
+
+  def test_mutating_content_type_headers_for_html_files_sets_the_header
+    @request.headers['Content-Type'] = 'text/html'
+    post :render_body, params: { name: 'foo.html' }
+
+    assert_equal 'text/html', @request.headers['Content-type']
+    assert_equal 'foo.html', @request.request_parameters[:name]
+    assert_equal 'render_body', @request.path_parameters[:action]
+  end
+
+  def test_mutating_content_type_headers_for_non_registered_mime_type_raises_an_error
+    assert_raises(RuntimeError) do
+      @request.headers['Content-Type'] = 'type/fake'
+      post :render_body, params: { name: 'foo.fake' }
+    end
+  end
+
   def test_id_converted_to_string
     get :test_params, params: {
       id: 20, foo: Object.new