Fix incorrect assert_block -> assert conversion. Assumed too much from the MiniTest deprecation message.

Raise a rescuable exception when Rails doesn't know what to do with the format, rather than responding with a head :not_acceptable (406)

specify a role for identifying accessible attributes when wrapping params

options aren't modified inside send_file_headers!

IE since version 6 and recently Chrome and Firefox have started following
302 redirects from XHR requests other than GET/POST using the original request
method. This can lead to DELETE requests being redirected amongst other things.

Although it doesn't directly affect the Rails framework since it doesn't return
a 302 redirect to any non-GET/POST request a note has been added to raise
awareness of the issue. Some references:

Original article from @technoweenie:
http://techno-weenie.net/2011/8/19/ie9-deletes-stuff/

Hacker News discussion of the article:
http://news.ycombinator.com/item?id=2903493

WebKit bug report:
https://bugs.webkit.org/show_bug.cgi?id=46183

Firefox bug report and changeset:
https://bugzilla.mozilla.org/show_bug.cgi?id=598304
https://hg.mozilla.org/mozilla-central/rev/9525d7e2d20d

Chrome bug report:
http://code.google.com/p/chromium/issues/detail?id=56373

HTTPbis bug report and changeset:
http://trac.tools.ietf.org/wg/httpbis/trac/ticket/160
http://trac.tools.ietf.org/wg/httpbis/trac/changeset/1428

Roy T. Fielding's history of the issue:
http://ftp.ics.uci.edu/pub/ietf/http/hypermail/1997q3/0611.html

Automated browser tests for the issue:
http://www.mnot.net/javascript/xmlhttprequest/

Fixes #4144

This may break existing tests that are asserting the whole session contents
but should not break existing tests that are asserting individual keys - e.g:

class SomeControllerTest < ActionController::TestCase
  setup do
    session['user_id'] = 1
  end

  test "some test" do
    get :some_action, nil, { 'another_var' => 2 }

    # This assertion will now fail
    assert_equal({ 'another_var' => 2 }, session)

    # This assertion will still pass
    assert_equal 2, session['another_var]
  end
end

Fixes #1529.

fix the Flash middleware loading the session on every request (very dangerous especially with Rack::Cache), it should only be loaded when the flash method is called

Removed the sanitize_dom_id method because HTML5 doctype let's us use anything except nothing and whitespace for id's

The latter doesn't render as code in HTML output.

Regex used in Rubymine to locate the latter form:

    (\+)(:*\w+:(?::|\w)+)(\+)

#send_file leans on Rack::Sendfile to X-Accel-Redirect the file's path, so opening the file to set the response body is wasteful. Set a FileBody wrapper instead that responds to to_path and streams the file if needed.