10 files changed, 35 insertions, 46 deletions

diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md
index d9041aecb7..6348bef4cb 100644
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
@@ -20,7 +20,7 @@
 *   Introduce ActionDispatch::HostAuthorization
 
     This is a new middleware that guards against DNS rebinding attacks by
-    white-listing the allowed hosts a request can be made to.
+    explicitly permitting the hosts a request can be made to.
 
     Each host is checked with the case operator (`#===`) to support `RegExp`,
     `Proc`, `IPAddr` and custom objects as host allowances.
diff --git a/actionpack/lib/abstract_controller/caching/fragments.rb b/actionpack/lib/abstract_controller/caching/fragments.rb
index 4e454adc5f..18677ddd18 100644
--- a/actionpack/lib/abstract_controller/caching/fragments.rb
+++ b/actionpack/lib/abstract_controller/caching/fragments.rb
@@ -28,7 +28,6 @@ module AbstractController
         self.fragment_cache_keys = []
 
         if respond_to?(:helper_method)
-          helper_method :fragment_cache_key
           helper_method :combined_fragment_cache_key
         end
       end
diff --git a/actionpack/lib/action_controller/metal/helpers.rb b/actionpack/lib/action_controller/metal/helpers.rb
index 0faaac1ce4..f1fb7ab0f7 100644
--- a/actionpack/lib/action_controller/metal/helpers.rb
+++ b/actionpack/lib/action_controller/metal/helpers.rb
@@ -75,7 +75,7 @@ module ActionController
       # Provides a proxy to access helper methods from outside the view.
       def helpers
         @helper_proxy ||= begin
-          proxy = ActionView::Base.new
+          proxy = ActionView::Base.empty
           proxy.config = config.inheritable_copy
           proxy.extend(_helpers)
         end
diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb
index cb28baa229..1611a8b3dd 100644
--- a/actionpack/lib/action_dispatch/middleware/cookies.rb
+++ b/actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -488,13 +488,8 @@ module ActionDispatch
         end
 
         def cookie_metadata(name, options)
-          if request.use_cookies_with_metadata
-            metadata = expiry_options(options)
-            metadata[:purpose] = "cookie.#{name}"
-
-            metadata
-          else
-            {}
+          expiry_options(options).tap do |metadata|
+            metadata[:purpose] = "cookie.#{name}" if request.use_cookies_with_metadata
           end
         end
 
diff --git a/actionpack/lib/action_dispatch/middleware/debug_view.rb b/actionpack/lib/action_dispatch/middleware/debug_view.rb
index ac12dc13a1..5a7010a1c2 100644
--- a/actionpack/lib/action_dispatch/middleware/debug_view.rb
+++ b/actionpack/lib/action_dispatch/middleware/debug_view.rb
@@ -10,7 +10,9 @@ module ActionDispatch
     RESCUES_TEMPLATE_PATH = File.expand_path("templates", __dir__)
 
     def initialize(assigns)
-      super([RESCUES_TEMPLATE_PATH], assigns)
+      paths = [RESCUES_TEMPLATE_PATH]
+      renderer = ActionView::Renderer.new ActionView::LookupContext.new(paths)
+      super(renderer, assigns)
     end
 
     def debug_params(params)
diff --git a/actionpack/lib/action_dispatch/middleware/host_authorization.rb b/actionpack/lib/action_dispatch/middleware/host_authorization.rb
index 447b70112a..b7dff1df41 100644
--- a/actionpack/lib/action_dispatch/middleware/host_authorization.rb
+++ b/actionpack/lib/action_dispatch/middleware/host_authorization.rb
@@ -3,8 +3,8 @@
 require "action_dispatch/http/request"
 
 module ActionDispatch
-  # This middleware guards from DNS rebinding attacks by white-listing the
-  # hosts a request can be sent to.
+  # This middleware guards from DNS rebinding attacks by explicitly permitting
+  # the hosts a request can be sent to.
   #
   # When a request comes to an unauthorized host, the +response_app+
   # application will be executed and rendered. If no +response_app+ is given, a
diff --git a/actionpack/lib/action_dispatch/routing.rb b/actionpack/lib/action_dispatch/routing.rb
index 5cde677051..f832719f19 100644
--- a/actionpack/lib/action_dispatch/routing.rb
+++ b/actionpack/lib/action_dispatch/routing.rb
@@ -74,8 +74,8 @@ module ActionDispatch
   # For routes that don't fit the <tt>resources</tt> mold, you can use the HTTP helper
   # methods <tt>get</tt>, <tt>post</tt>, <tt>patch</tt>, <tt>put</tt> and <tt>delete</tt>.
   #
-  #   get 'post/:id' => 'posts#show'
-  #   post 'post/:id' => 'posts#create_comment'
+  #   get 'post/:id', to: 'posts#show'
+  #   post 'post/:id', to: 'posts#create_comment'
   #
   # Now, if you POST to <tt>/posts/:id</tt>, it will route to the <tt>create_comment</tt> action. A GET on the same
   # URL will route to the <tt>show</tt> action.
@@ -83,7 +83,7 @@ module ActionDispatch
   # If your route needs to respond to more than one HTTP method (or all methods) then using the
   # <tt>:via</tt> option on <tt>match</tt> is preferable.
   #
-  #   match 'post/:id' => 'posts#show', via: [:get, :post]
+  #   match 'post/:id', to: 'posts#show', via: [:get, :post]
   #
   # == Named routes
   #
@@ -94,7 +94,7 @@ module ActionDispatch
   # Example:
   #
   #   # In config/routes.rb
-  #   get '/login' => 'accounts#login', as: 'login'
+  #   get '/login', to: 'accounts#login', as: 'login'
   #
   #   # With render, redirect_to, tests, etc.
   #   redirect_to login_url
@@ -120,9 +120,9 @@ module ActionDispatch
   #
   #   # In config/routes.rb
   #   controller :blog do
-  #     get 'blog/show'     => :list
-  #     get 'blog/delete'   => :delete
-  #     get 'blog/edit'     => :edit
+  #     get 'blog/show',    to: :list
+  #     get 'blog/delete',  to: :delete
+  #     get 'blog/edit',    to: :edit
   #   end
   #
   #   # provides named routes for show, delete, and edit
@@ -132,7 +132,7 @@ module ActionDispatch
   #
   # Routes can generate pretty URLs. For example:
   #
-  #   get '/articles/:year/:month/:day' => 'articles#find_by_id', constraints: {
+  #   get '/articles/:year/:month/:day', to: 'articles#find_by_id', constraints: {
   #     year:       /\d{4}/,
   #     month:      /\d{1,2}/,
   #     day:        /\d{1,2}/
@@ -147,7 +147,7 @@ module ActionDispatch
   # You can specify a regular expression to define a format for a parameter.
   #
   #   controller 'geocode' do
-  #     get 'geocode/:postalcode' => :show, constraints: {
+  #     get 'geocode/:postalcode', to: :show, constraints: {
   #       postalcode: /\d{5}(-\d{4})?/
   #     }
   #   end
@@ -156,13 +156,13 @@ module ActionDispatch
   # expression modifiers:
   #
   #   controller 'geocode' do
-  #     get 'geocode/:postalcode' => :show, constraints: {
+  #     get 'geocode/:postalcode', to: :show, constraints: {
   #       postalcode: /hx\d\d\s\d[a-z]{2}/i
   #     }
   #   end
   #
   #   controller 'geocode' do
-  #     get 'geocode/:postalcode' => :show, constraints: {
+  #     get 'geocode/:postalcode', to: :show, constraints: {
   #       postalcode: /# Postalcode format
   #          \d{5} #Prefix
   #          (-\d{4})? #Suffix
@@ -178,13 +178,13 @@ module ActionDispatch
   #
   # You can redirect any path to another path using the redirect helper in your router:
   #
-  #   get "/stories" => redirect("/posts")
+  #   get "/stories", to: redirect("/posts")
   #
   # == Unicode character routes
   #
   # You can specify unicode character routes in your router:
   #
-  #   get "こんにちは" => "welcome#index"
+  #   get "こんにちは", to: "welcome#index"
   #
   # == Routing to Rack Applications
   #
@@ -192,7 +192,7 @@ module ActionDispatch
   # index action in the PostsController, you can specify any Rack application
   # as the endpoint for a matcher:
   #
-  #   get "/application.js" => Sprockets
+  #   get "/application.js", to: Sprockets
   #
   # == Reloading routes
   #
diff --git a/actionpack/lib/action_dispatch/system_test_case.rb b/actionpack/lib/action_dispatch/system_test_case.rb
index 484eb46331..066daa4a12 100644
--- a/actionpack/lib/action_dispatch/system_test_case.rb
+++ b/actionpack/lib/action_dispatch/system_test_case.rb
@@ -93,19 +93,19 @@ module ActionDispatch
   # of through the +options+ hash.
   #
   # As an example, if you want to add mobile emulation on chrome, you'll have to
-  # create an instance of selenium's `Chrome::Options` object and add
+  # create an instance of selenium's +Chrome::Options+ object and add
   # capabilities with a block.
   #
-  # The block will be passed an instance of `<Driver>::Options` where you can
+  # The block will be passed an instance of <tt><Driver>::Options</tt> where you can
   # define the capabilities you want. Please refer to your driver documentation
   # to learn about supported options.
   #
-  # class ApplicationSystemTestCase < ActionDispatch::SystemTestCase
-  #   driven_by :chrome, screen_size: [1024, 768] do |driver_option|
-  #     driver_option.add_emulation(device: 'iPhone 6')
-  #     driver_option.add_extension('path/to/chrome_extension.crx')
+  #   class ApplicationSystemTestCase < ActionDispatch::SystemTestCase
+  #     driven_by :selenium, using: :chrome, screen_size: [1024, 768] do |driver_option|
+  #       driver_option.add_emulation(device_name: 'iPhone 6')
+  #       driver_option.add_extension('path/to/chrome_extension.crx')
+  #     end
   #   end
-  # end
   #
   # Because <tt>ActionDispatch::SystemTestCase</tt> is a shim between Capybara
   # and Rails, any driver that is supported by Capybara is supported by system
diff --git a/actionpack/test/dispatch/cookies_test.rb b/actionpack/test/dispatch/cookies_test.rb
index 8f9dbaf4b3..4aaac1320e 100644
--- a/actionpack/test/dispatch/cookies_test.rb
+++ b/actionpack/test/dispatch/cookies_test.rb
@@ -1193,11 +1193,7 @@ class CookiesTest < ActionController::TestCase
     get :encrypted_discount_and_user_id_cookie
 
     travel 2.hours
-    assert_equal 50, cookies.encrypted[:user_id]
-
-    cookies[:discount_percentage] = cookies[:user_id]
-    assert_not_equal 10, cookies.encrypted[:discount_percentage]
-    assert_equal 50, cookies.encrypted[:discount_percentage]
+    assert_nil cookies.signed[:user_id]
   end
 
   def test_switch_off_metadata_for_signed_cookies_if_config_is_false
@@ -1206,11 +1202,8 @@ class CookiesTest < ActionController::TestCase
     get :signed_discount_and_user_id_cookie
 
     travel 2.hours
-    assert_equal 50, cookies.signed[:user_id]
 
-    cookies[:discount_percentage] = cookies[:user_id]
-    assert_not_equal 10, cookies.signed[:discount_percentage]
-    assert_equal 50, cookies.signed[:discount_percentage]
+    assert_nil cookies.signed[:user_id]
   end
 
   def test_read_rails_5_2_stable_encrypted_cookies_if_config_is_false
diff --git a/actionpack/test/dispatch/host_authorization_test.rb b/actionpack/test/dispatch/host_authorization_test.rb
index dae7b08ec1..5263dd2597 100644
--- a/actionpack/test/dispatch/host_authorization_test.rb
+++ b/actionpack/test/dispatch/host_authorization_test.rb
@@ -15,7 +15,7 @@ class HostAuthorizationTest < ActionDispatch::IntegrationTest
     assert_match "Blocked host: www.example.com", response.body
   end
 
-  test "passes all requests to if the whitelist is empty" do
+  test "allows all requests if hosts is empty" do
     @app = ActionDispatch::HostAuthorization.new(App, nil)
 
     get "/"
@@ -24,7 +24,7 @@ class HostAuthorizationTest < ActionDispatch::IntegrationTest
     assert_equal "Success", body
   end
 
-  test "passes requests to allowed host" do
+  test "hosts can be a single element array" do
     @app = ActionDispatch::HostAuthorization.new(App, %w(www.example.com))
 
     get "/"
@@ -33,7 +33,7 @@ class HostAuthorizationTest < ActionDispatch::IntegrationTest
     assert_equal "Success", body
   end
 
-  test "the whitelist could be a single element" do
+  test "hosts can be a string" do
     @app = ActionDispatch::HostAuthorization.new(App, "www.example.com")
 
     get "/"