1 files changed, 14 insertions, 6 deletions

diff --git a/railties/lib/rails/application/default_middleware_stack.rb b/railties/lib/rails/application/default_middleware_stack.rb
index 381e548730..193cc59f3a 100644
--- a/railties/lib/rails/application/default_middleware_stack.rb
+++ b/railties/lib/rails/application/default_middleware_stack.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rails
   class Application
     class DefaultMiddlewareStack
@@ -10,7 +12,9 @@ module Rails
       end
 
       def build_stack
-        ActionDispatch::MiddlewareStack.new.tap do |middleware|
+        ActionDispatch::MiddlewareStack.new do |middleware|
+          middleware.use ::ActionDispatch::HostAuthorization, config.hosts, config.action_dispatch.hosts_response_app
+
           if config.force_ssl
             middleware.use ::ActionDispatch::SSL, config.ssl_options
           end
@@ -19,7 +23,6 @@ module Rails
 
           if config.public_file_server.enabled
             headers = config.public_file_server.headers || {}
-            headers['Cache-Control'.freeze] = config.static_cache_control if config.static_cache_control
 
             middleware.use ::ActionDispatch::Static, paths["public"].first, index: config.public_file_server.index_name, headers: headers
           end
@@ -41,12 +44,11 @@ module Rails
           middleware.use ::Rack::Runtime
           middleware.use ::Rack::MethodOverride unless config.api_only
           middleware.use ::ActionDispatch::RequestId
+          middleware.use ::ActionDispatch::RemoteIp, config.action_dispatch.ip_spoofing_check, config.action_dispatch.trusted_proxies
 
-          # Must come after Rack::MethodOverride to properly log overridden methods
           middleware.use ::Rails::Rack::Logger, config.log_tags
           middleware.use ::ActionDispatch::ShowExceptions, show_exceptions_app
           middleware.use ::ActionDispatch::DebugExceptions, app, config.debug_exception_response_format
-          middleware.use ::ActionDispatch::RemoteIp, config.action_dispatch.ip_spoofing_check, config.action_dispatch.trusted_proxies
 
           unless config.cache_classes
             middleware.use ::ActionDispatch::Reloader, app.reloader
@@ -63,9 +65,15 @@ module Rails
             middleware.use ::ActionDispatch::Flash
           end
 
+          unless config.api_only
+            middleware.use ::ActionDispatch::ContentSecurityPolicy::Middleware
+          end
+
           middleware.use ::Rack::Head
           middleware.use ::Rack::ConditionalGet
           middleware.use ::Rack::ETag, "no-cache"
+
+          middleware.use ::Rack::TempfileReaper unless config.api_only
         end
       end
 
@@ -76,9 +84,9 @@ module Rails
           return unless rack_cache
 
           begin
-            require 'rack/cache'
+            require "rack/cache"
           rescue LoadError => error
-            error.message << ' Be sure to add rack-cache to your Gemfile'
+            error.message << " Be sure to add rack-cache to your Gemfile"
             raise
           end