Simple Sungularize ActionController::UnpermittedParameters error in case when only 1 parameter is unpermitted.

closes #14125

ref #14062

Setting this attribute to `true` will remove the content type header
from the request. This is use in `render :body` feature.

This is an option for to HTML content with a content type of
`text/html`. This rendering option calls `ERB::Util.html_escape`
internally to escape unsafe HTML string, so you will have to mark your
string as html safe if you have any HTML tag in it.

Please see #12374 for more detail.

This is as an option to render content with a content type of
`text/plain`. This is the preferred option if you are planning to render
a plain text content.

Please see #12374 for more detail.

This is an option for sending a raw content back to browser. Note that
this rendering option will unset the default content type and does not
include "Content-Type" header back in the response.

You should only use this option if you are expecting the "Content-Type"
header to not be set. More information on "Content-Type" header can be
found on RFC 2616, section 7.2.1.

Please see #12374 for more detail.

Was custom_proxies in inline docs, but should be and defined in
constructor as custom_proxies

if the controller action has not yet streamed any data, actions should
process as normal, and errors should trigger the appropriate behavior
(500, or in the case of ActionController::BadRequest, a 400 Bad Request)

No variant should also be picked up by variant.any if variant.none is not defined (just like any other variant)

Allow setting `request.variant` as an array - an order in which they will be
rendered.

For example:

  request.variant = [:tablet, :phone]

  respond_to do |format|
    format.html.none
    format.html.phone # this gets rendered
  end

Stringify the incoming as well to handle incoming symbol keys from
marshalled sessions

If we set :shallow_path when shallow is called it can result in incorrect
paths if the resource is inside a namespace because namespace itself sets
the :shallow_path option to the namespace path.

We fix this by removing the :shallow_path option from shallow as that should
only be turning shallow routes on and not otherwise affecting the scope.
To do this we need to treat the :shallow option to resources differently to
other scope options and move it to before the nested block is called.

This change also has the positive side effect of making the behavior of the
:shallow option consistent with the shallow method.

Fixes #12498.

Since it's already required in the file, we don't need to use autoload
too. This commit is symmetrical change to 0b101804 for Response.

Returning `self` from within the array returned by `to_ary`
caused this. Instead, we can just substitute another object.
It provides the `each` behavior required by the rack spec.

cc @senny

Since the language in code blocks is inferred, if the code contains tt
tags, the block will be parsed as XML for instance while it is Ruby.

Previously, requiring action_view/view_paths did cause an uninitialized
constant error for ENCODING_FLAG, which is defined in action_view.

We can just require the file rather than going through the autoload
indirection

Rename allowed options to :marshal and :json, for custom serializers
only allow the use of custom classes.

MessageEncryptor has :serializer option, where any serializer object can
be passed. This commit make it possible to set this serializer from configuration
level.

There are predefined serializers (:marshal_serializer, :json_serialzier)
and custom serializer can be passed as String, Symbol (camelized and
constantized in ActionDispatch::Session namepspace) or serializer object.

Default :json_serializer was also added to generators to provide secure
defalt.

deep_munge solves CVE-2013-0155 security vulnerability, but its
behaviour is definately confuisng. This commit adds logging to deep_munge.
It logs keys for which values were set to nil.

Also mentions in guides were added.

The request attributes filtered_parameters, filtered_env and filtered_path
are memoized for performance reasons. However this can cause unusual
behavior in tests where there are multiple calls to get, post, etc.

Fixes #13803.