- Remove dead classes / dead code
- Move class definitions to where they are used, don't define in a
  shared space

We should define it only where we need it, not in the global abstract
unit 😬

Add a missing capital letter and avoid using absolute links to the
API because they may refer to out-dated documentation on the Edge
site.

This example code wasn't getting wrapped in a `<code>` tag due to incorrect indentation.

Follow up to #21671

Introduced in d6f2000a and was only used by Action Cable. Now handled by Action Cable’s assets:compile task.

CSRF verification for non-XHR GET requests (cross-origin `<script>`
tags) didn't check this flag before logging failures.

Setting `config.action_controller.log_warning_on_csrf_failure = false`
now disables logging for these CSRF failures as well.

Closes #25086.
Signed-off-by: NJeremy Daer <jeremydaer@gmail.com>

This reverts commit 0ce7eae7.

Tests were broken https://travis-ci.org/rails/rails/jobs/131850726#L520

This way we don't have to make multiple calls on anonymous controllers

per [API documentation guidelines](http://edgeguides.rubyonrails.org/api_documentation_guidelines.html#oxford-comma)

[ci skip]

Ruby 2.4 unifies Fixnum and Bignum into Integer: https://bugs.ruby-lang.org/issues/12005

* Forward compat with new unified Integer class in Ruby 2.4+.
* Backward compat with separate Fixnum/Bignum in Ruby 2.2 & 2.3.
* Drops needless Fixnum distinction in docs, preferring Integer.

Follows the same pattern as controllers and jobs. Exceptions raised in
delivery jobs (enqueued by `#deliver_later`) are also delegated to the
mailer's rescue_from handlers, so you can handle the DeserializationError
raised by delivery jobs:

```ruby
class MyMailer < ApplicationMailer
  rescue_from ActiveJob::DeserializationError do
    …
  end
```

ActiveSupport::Rescuable polish:
* Add the `rescue_with_handler` class method so exceptions may be
  handled at the class level without requiring an instance.
* Rationalize `exception.cause` handling. If no handler matches the
  exception, fall back to the handler that matches its cause.
* Handle exceptions raised elsewhere. Pass `object: …` to execute
  the `rescue_from` handler (e.g. a method call or a block to
  instance_exec) against a different object. Defaults to `self`.

- Earlier we were responding with JSON format for HTML requests in a API
  app.
- Now we will respond with HTML format for such requests in API apps.
- Also earlier we were not testing the API app's JSON requests
  properly. We were actually sending HTML requests. Now we send correct
  JSON requests. Also added more test coverage.
- Based on the discussion from this commit -
  https://github.com/rails/rails/commit/05d89410bf97d0778e78558db3c9fed275f8a614.

[Prathamesh Sonpatki, Jorge Bejar]

Resolves #24924.

This commit uses the new method in Rack to check if a path is valid.

In #18721 we removed the discard key from the session hash used to flash
messages and that broke compatibility with Rails 4 applications because they
try to map in the discarded flash messages and it returns nil.

Fixes #24726.

- It was originally added in 83b4e907 and partially
  removed in 05d89410.

It is a common pattern in the Rails community that when people want to
:xa
use any kind of helper that is defined inside app/helpers they includes
the helper module inside the controller like:

    module UserHelper
      def my_user_helper
        # ...
      end
    end

    class UsersController < ApplicationController
      include UserHelper

      def index
        render inline: my_user_helper
      end
    end

This has problem because the helper can't access anything that is
defined in the view level context class.

Also all public methods of the helper become available in the controller
what can lead to undesirable methods being routed and behaving as
actions.

Also if you helper depends on other helpers or even Action View helpers
you need to include each one of these dependencies in your controller
otherwise your helper is not going to work.

We already have a helpers proxy at controller class level but that proxy
doesn't have access to the instance variables defined in the
controller.

With this new instance level helper proxy users can reuse helpers in the
controller without having to include the modules and with access to
instance variables defined in the controller.

    class UsersController < ApplicationController
      def index
        render inline: helpers.my_user_helper
      end
    end

There were a lot of protected instance variables in
AbsctractController::Rendering that were related to Action Controller
and Action View.

Moving to ActionController::Base's protected instance list we make it
closer to where they are really defined.

Adding the `each` method is required for ensuring compatibility between
Rails, and other Rack frameworks (like Sinatra, etc.), that are mounted
within Rails, and wish to use its session tooling. Prior to this, there
was an inconsistency between ActionDispatch::Request::Session and
Rack::Session::Cookie, due to the absence of the `each` method. This
should hopefully fix that error. :)

For a full integration test with Sinatra and a standalone Rack
application, you can check out the gist for that here: https://gist.github.com/maclover7/08cd95b0bfe259465314311941326470.

Solves #15843.

[ci skip]

Last August (2015), @tenderlove worked to remove all `@env[]` and `@env[]=`, in
favor of using `set_header`, `get_header`, etc. (Here's an [example
commit](https://github.com/rails/rails/commit/f16a33b68efc3dc57cfafa27651b9a765e363fbf)).

This PR should remove the last uses of these methods, and fully convert
them to the newly standardized API.

I always appreciate having a bit more information as to why something is
now an error. We can use this error to tell people why what they were
previously doing is insecure and give them hints on how to fix it.
Signed-off-by: NKasper Timm Hansen <kaspth@gmail.com>

- Followup of https://github.com/rails/rails/issues/18693.
- I think we missed deprecating `request_via_redirect` in that pull
  request.
- Originally requested by DHH here
  https://github.com/rails/rails/issues/18333.

Previously, users were trying to modify a frozen Hash. Includes a
regression test :)

Fixes #22975

When the token is generated by the form we were using the schema and
host information while only using the path to compare if the action was
the same. This was causing the token to be invalid.

To fix this we use the same information to generate the token and check
it.

Fix #24257