Show detailed exceptions no longer returns true if the request is local in production.

actionpack/CHANGELOG.md

@@ -68,9 +68,9 @@
           <%= f.text_field :version %>
         <% end %>
 
-*   Refactor ActionDispatch::ShowExceptions. Controller is responsible for choosing to show exceptions when `consider_all_requests_local` is false. *Sergey Nartimov*
+*   Refactor ActionDispatch::ShowExceptions. The controller is responsible for choosing to show exceptions when `consider_all_requests_local` is false.
 
-    It's possible to override `show_detailed_exceptions?` in controllers to specify which requests should provide debugging information on errors.
+    It's possible to override `show_detailed_exceptions?` in controllers to specify which requests should provide debugging information on errors. The default value is now false, meaning local requests in production will no longer show the detailed exceptions page unless `show_detailed_exceptions?` is overridden and set to `request.local?`.
 
 *   Responders now return 204 No Content for API requests without a response body (as in the new scaffold) *José Valim*
 

actionpack/lib/action_controller/metal/rescue.rb

 module ActionController #:nodoc:
+  # This module is responsible to provide `rescue_from` helpers
+  # to controllers and configure when detailed exceptions must be
+  # shown.
   module Rescue
     extend ActiveSupport::Concern
     include ActiveSupport::Rescuable
@@ -12,8 +15,13 @@ def rescue_with_handler(exception)
       super(exception)
     end
 
+    # Override this method if you want to customize when detailed
+    # exceptions must be shown. This method is only called when
+    # consider_all_requests_local is false. By default, it returns
+    # false, but someone may set it to `request.local?` so local
+    # requests in production still shows the detailed exception pages.
     def show_detailed_exceptions?
-      request.local?
+      false
     end
 
     private

actionpack/test/controller/new_base/render_template_test.rb

@@ -59,6 +59,12 @@ def with_implicit_raw
     def with_error
       render :template => "test/with_error"
     end
+
+    private
+
+    def show_detailed_exceptions?
+      request.local?
+    end
   end
 
   class TestWithoutLayout < Rack::TestCase

actionpack/test/controller/show_exceptions_test.rb

@@ -16,6 +16,10 @@ def boom
     def another_boom
       raise 'boom!'
     end
+
+    def show_detailed_exceptions?
+      request.local?
+    end
   end
 
   class ShowExceptionsTest < ActionDispatch::IntegrationTest
@@ -26,7 +30,7 @@ class ShowExceptionsTest < ActionDispatch::IntegrationTest
       assert_equal "500 error fixture\n", body
     end
 
-    test 'show diagnostics from a local ip' do
+    test 'show diagnostics from a local ip if show_detailed_exceptions? is set to request.local?' do
       @app = ShowExceptionsController.action(:boom)
       ['127.0.0.1', '127.0.0.127', '::1', '0:0:0:0:0:0:0:1', '0:0:0:0:0:0:0:1%0'].each do |ip_address|
         self.remote_addr = ip_address

railties/test/application/middleware/exceptions_test.rb

@@ -88,6 +88,7 @@ def call(env)
 
     test "displays diagnostics message when exception raised in template that contains UTF-8" do
       app.config.action_dispatch.show_exceptions = true
+      app.config.consider_all_requests_local = true
 
       controller :foo, <<-RUBY
         class FooController < ActionController::Base