1 files changed, 29 insertions, 11 deletions

diff --git a/railties/lib/rails/application/default_middleware_stack.rb b/railties/lib/rails/application/default_middleware_stack.rb
index a00afe008c..387d92db73 100644
--- a/railties/lib/rails/application/default_middleware_stack.rb
+++ b/railties/lib/rails/application/default_middleware_stack.rb
@@ -17,8 +17,11 @@ module Rails
 
           middleware.use ::Rack::Sendfile, config.action_dispatch.x_sendfile_header
 
-          if config.serve_static_assets
-            middleware.use ::ActionDispatch::Static, paths["public"].first, config.static_cache_control
+          if config.serve_static_files
+            headers = config.public_file_server.headers || {}
+            headers['Cache-Control'.freeze] = config.static_cache_control if config.static_cache_control
+
+            middleware.use ::ActionDispatch::Static, paths["public"].first, index: config.static_index, headers: headers
           end
 
           if rack_cache = load_rack_cache
@@ -26,9 +29,29 @@ module Rails
             middleware.use ::Rack::Cache, rack_cache
           end
 
-          middleware.use ::Rack::Lock unless allow_concurrency?
+          if config.allow_concurrency == false
+            # User has explicitly opted out of concurrent request
+            # handling: presumably their code is not threadsafe
+
+            middleware.use ::Rack::Lock
+
+          elsif config.allow_concurrency == :unsafe
+            # Do nothing, even if we know this is dangerous. This is the
+            # historical behaviour for true.
+
+          else
+            # Default concurrency setting: enabled, but safe
+
+            unless config.cache_classes && config.eager_load
+              # Without cache_classes + eager_load, the load interlock
+              # is required for proper operation
+
+              middleware.use ::ActionDispatch::LoadInterlock
+            end
+          end
+
           middleware.use ::Rack::Runtime
-          middleware.use ::Rack::MethodOverride
+          middleware.use ::Rack::MethodOverride unless config.api_only
           middleware.use ::ActionDispatch::RequestId
 
           # Must come after Rack::MethodOverride to properly log overridden methods
@@ -42,9 +65,9 @@ module Rails
           end
 
           middleware.use ::ActionDispatch::Callbacks
-          middleware.use ::ActionDispatch::Cookies
+          middleware.use ::ActionDispatch::Cookies unless config.api_only
 
-          if config.session_store
+          if !config.api_only && config.session_store
             if config.force_ssl && !config.session_options.key?(:secure)
               config.session_options[:secure] = true
             end
@@ -52,7 +75,6 @@ module Rails
             middleware.use ::ActionDispatch::Flash
           end
 
-          middleware.use ::ActionDispatch::ParamsParser
           middleware.use ::Rack::Head
           middleware.use ::Rack::ConditionalGet
           middleware.use ::Rack::ETag, "no-cache"
@@ -65,10 +87,6 @@ module Rails
           config.reload_classes_only_on_change != true || app.reloaders.map(&:updated?).any?
         end
 
-        def allow_concurrency?
-          config.allow_concurrency.nil? ? config.cache_classes : config.allow_concurrency
-        end
-
         def load_rack_cache
           rack_cache = config.action_dispatch.rack_cache
           return unless rack_cache