actionpack 8.0.2 → 8.1.0.beta1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 14abb1a6b812efa40da31cf30c3171405982457ed80984d231dae2af352f43f4
-  data.tar.gz: 3e934fe98cf59aa4727eb76b0f13567861fe01c04dbc6cd9c4e313b165a0a64e
+  metadata.gz: ed45caa459109b7c6009c7b63f8be21dfe1965dc7bc745e8e7588579a9384391
+  data.tar.gz: aabc44311112b16f6e9b8c3f34f391d1fc1abe91cb1b0df7e920dd0068cbc8b0
 SHA512:
-  metadata.gz: dde2e5f17a6d54ae692f64ec2d05a3dc8e54d4fb30d97dd4b1fa3e4c7363d1132facf04286c1b3f25ffdb78f8302eafa7a6c13d027b890589813e4e60e6f5e77
-  data.tar.gz: 773181339ec3539e73607f4e1588082893c3ac38d54e6c32a930ccf85bcffb41c95ad568a6bbe00bbc41967f98ed964d3200880a3c1f7b1dbfafeef405d8b1b5
+  metadata.gz: 05dc45165c2451cf7a0bd23c7b5baf55ba3e970cde0877211b208f227b98e538237c373135f5d8c3ba905c18af5834d69086ab8e223a11f7d77fed3f0e067746
+  data.tar.gz: 43cba6f2e00ce49bc0b4ef8172eb26b6571325dcfa5c8b5deebcec90cfad8f6d8d7d0804459dc29e5fd36073aa8f1b09348999e6258197360be3306d9c41134e

data/CHANGELOG.md

@@ -1,245 +1,360 @@
-## Rails 8.0.2 (March 12, 2025) ##
+## Rails 8.1.0.beta1 (September 04, 2025) ##
 
-*   No changes.
+*   Remove deprecated support to a route to multiple paths.
 
+    *Rafael Mendonça França*
 
-## Rails 8.0.2 (March 12, 2025) ##
+*   Remove deprecated support for using semicolons as a query string separator.
 
-*   Improve `with_routing` test helper to not rebuild the middleware stack.
+    Before:
 
-    Otherwise some middleware configuration could be lost.
+    ```ruby
+    ActionDispatch::QueryParser.each_pair("foo=bar;baz=quux").to_a
+    # => [["foo", "bar"], ["baz", "quux"]]
+    ```
 
-    *Édouard Chin*
+    After:
 
-*   Add resource name to the `ArgumentError` that's raised when invalid `:only` or `:except` options are given to `#resource` or `#resources`
+    ```ruby
+    ActionDispatch::QueryParser.each_pair("foo=bar;baz=quux").to_a
+    # => [["foo", "bar;baz=quux"]]
+    ```
 
-    This makes it easier to locate the source of the problem, especially for routes drawn by gems.
+    *Rafael Mendonça França*
+
+*   Remove deprecated support to skipping over leading brackets in parameter names in the parameter parser.
 
     Before:
-    ```
-    :only and :except must include only [:index, :create, :new, :show, :update, :destroy, :edit], but also included [:foo, :bar]
+
+    ```ruby
+    ActionDispatch::ParamBuilder.from_query_string("[foo]=bar") # => { "foo" => "bar" }
+    ActionDispatch::ParamBuilder.from_query_string("[foo][bar]=baz") # => { "foo" => { "bar" => "baz" } }
     ```
 
     After:
-    ```
-    Route `resources :products` - :only and :except must include only [:index, :create, :new, :show, :update, :destroy, :edit], but also included [:foo, :bar]
+
+    ```ruby
+    ActionDispatch::ParamBuilder.from_query_string("[foo]=bar") # => { "[foo]" => "bar" }
+    ActionDispatch::ParamBuilder.from_query_string("[foo][bar]=baz") # => { "[foo]" => { "bar" => "baz" } }
     ```
 
-    *Jeremy Green*
+    *Rafael Mendonça França*
 
-*   Fix `url_for` to handle `:path_params` gracefully when it's not a `Hash`.
+*   Deprecate `Rails.application.config.action_dispatch.ignore_leading_brackets`.
 
-    Prevents various security scanners from causing exceptions.
+    *Rafael Mendonça França*
 
-    *Martin Emde*
+*   Raise `ActionController::TooManyRequests` error from `ActionController::RateLimiting`
 
-*   Fix `ActionDispatch::Executor` to unwrap exceptions like other error reporting middlewares.
+    Requests that exceed the rate limit raise an `ActionController::TooManyRequests` error.
+    By default, Action Dispatch rescues the error and responds with a `429 Too Many Requests` status.
 
-    *Jean Boussier*
+    *Sean Doyle*
 
+*   Add .md/.markdown as Markdown extensions and add a default `markdown:` renderer:
 
-## Rails 8.0.1 (December 13, 2024) ##
+    ```ruby
+    class Page
+      def to_markdown
+        body
+      end
+    end
 
-*   Add `ActionDispatch::Request::Session#store` method to conform Rack spec.
+    class PagesController < ActionController::Base
+      def show
+        @page = Page.find(params[:id])
 
-    *Yaroslav*
+        respond_to do |format|
+          format.html
+          format.md { render markdown: @page }
+        end
+      end
+    end
+    ```
 
+    *DHH*
 
-## Rails 8.0.0.1 (December 10, 2024) ##
+*   Add headers to engine routes inspection command
 
-*   Add validation to content security policies to disallow spaces and semicolons.
-    Developers should use multiple arguments, and different directive methods instead.
+    *Petrik de Heus*
 
-    [CVE-2024-54133]
+*   Add "Copy as text" button to error pages
 
-    *Gannon McGibbon*
+    *Mikkel Malmberg*
 
+*   Add `scope:` option to `rate_limit` method.
 
-## Rails 8.0.0 (November 07, 2024) ##
+    Previously, it was not possible to share a rate limit count between several controllers, since the count was by
+    default separate for each controller.
 
-*   No changes.
+    Now, the `scope:` option solves this problem.
 
+    ```ruby
+    class APIController < ActionController::API
+      rate_limit to: 2, within: 2.seconds, scope: "api"
+    end
 
-## Rails 8.0.0.rc2 (October 30, 2024) ##
+    class API::PostsController < APIController
+      # ...
+    end
 
-*   Fix routes with `::` in the path.
+    class API::UsersController < APIController
+      # ...
+    end
+    ```
 
-    *Rafael Mendonça França*
+    *ArthurPV*, *Kamil Hanus*
 
-*   Maintain Rack 2 parameter parsing behaviour.
+*   Add support for `rack.response_finished` callbacks in ActionDispatch::Executor.
 
-    *Matthew Draper*
+    The executor middleware now supports deferring completion callbacks to later
+    in the request lifecycle by utilizing Rack's `rack.response_finished` mechanism,
+    when available. This enables applications to define `rack.response_finished` callbacks
+    that may rely on state that would be cleaned up by the executor's completion callbacks.
 
+    *Adrianna Chang*, *Hartley McGuire*
 
-## Rails 8.0.0.rc1 (October 19, 2024) ##
+*   Produce a log when `rescue_from` is invoked.
 
-*   Remove `Rails.application.config.action_controller.allow_deprecated_parameters_hash_equality`.
+    *Steven Webb*, *Jean Boussier*
 
-    *Rafael Mendonça França*
+*   Allow hosts redirects from `hosts` Rails configuration
 
-*   Improve `ActionController::TestCase` to expose a binary encoded `request.body`.
+    ```ruby
+    config.action_controller.allowed_redirect_hosts << "example.com"
+    ```
 
-    The rack spec clearly states:
+    *Kevin Robatel*
 
-    > The input stream is an IO-like object which contains the raw HTTP POST data.
-    > When applicable, its external encoding must be “ASCII-8BIT” and it must be opened in binary mode.
+*   `rate_limit.action_controller` notification has additional payload
 
-    Until now its encoding was generally UTF-8, which doesn't accurately reflect production
-    behavior.
+    additional values: count, to, within, by, name, cache_key
 
-    *Jean Boussier*
+    *Jonathan Rochkind*
 
-*   Update `ActionController::AllowBrowser` to support passing method names to `:block`
+*   Add JSON support to the built-in health controller.
 
-    ```ruby
-    class ApplicationController < ActionController::Base
-      allow_browser versions: :modern, block: :handle_outdated_browser
+    The health controller now responds to JSON requests with a structured response
+    containing status and timestamp information. This makes it easier for monitoring
+    tools and load balancers to consume health check data programmatically.
 
-      private
-        def handle_outdated_browser
-          render file: Rails.root.join("public/custom-error.html"), status: :not_acceptable
-        end
-    end
+    ```ruby
+    # /up.json
+    {
+      "status": "up",
+      "timestamp": "2025-09-19T12:00:00Z"
+    }
     ```
 
-    *Sean Doyle*
+    *Francesco Loreti*, *Juan Vásquez*
 
-*   Raise an `ArgumentError` when invalid `:only` or `:except` options are passed into `#resource` and `#resources`.
+*   Allow to open source file with a crash from the browser.
 
-    *Joshua Young*
+    *Igor Kasyanchuk*
 
-## Rails 8.0.0.beta1 (September 26, 2024) ##
+*   Always check query string keys for valid encoding just like values are checked.
 
-*   Fix non-GET requests not updating cookies in `ActionController::TestCase`.
+    *Casper Smits*
 
-    *Jon Moss*, *Hartley McGuire*
+*   Always return empty body for HEAD requests in `PublicExceptions` and
+    `DebugExceptions`.
 
-*   Update `ActionController::Live` to use a thread-pool to reuse threads across requests.
+    This is required by `Rack::Lint` (per RFC9110).
 
-    *Adam Renberg Tamm*
+    *Hartley McGuire*
 
-*   Introduce safer, more explicit params handling method with `params#expect` such that
-    `params.expect(table: [ :attr ])` replaces `params.require(:table).permit(:attr)`
+*   Add comprehensive support for HTTP Cache-Control request directives according to RFC 9111.
 
-    Ensures params are filtered with consideration for the expected
-    types of values, improving handling of params and avoiding ignorable
-    errors caused by params tampering.
+    Provides a `request.cache_control_directives` object that gives access to request cache directives:
 
     ```ruby
-    # If the url is altered to ?person=hacked
-    # Before
-    params.require(:person).permit(:name, :age, pets: [:name])
-    # raises NoMethodError, causing a 500 and potential error reporting
+    # Boolean directives
+    request.cache_control_directives.only_if_cached?  # => true/false
+    request.cache_control_directives.no_cache?        # => true/false
+    request.cache_control_directives.no_store?        # => true/false
+    request.cache_control_directives.no_transform?    # => true/false
+
+    # Value directives
+    request.cache_control_directives.max_age          # => integer or nil
+    request.cache_control_directives.max_stale        # => integer or nil (or true for valueless max-stale)
+    request.cache_control_directives.min_fresh        # => integer or nil
+    request.cache_control_directives.stale_if_error   # => integer or nil
+
+    # Special helpers for max-stale
+    request.cache_control_directives.max_stale?         # => true if max-stale present (with or without value)
+    request.cache_control_directives.max_stale_unlimited? # => true only for valueless max-stale
+    ```
 
-    # After
-    params.expect(person: [ :name, :age, pets: [[:name]] ])
-    # raises ActionController::ParameterMissing, correctly returning a 400 error
+    Example usage:
+
+    ```ruby
+    def show
+      if request.cache_control_directives.only_if_cached?
+        @article = Article.find_cached(params[:id])
+        return head(:gateway_timeout) if @article.nil?
+      else
+        @article = Article.find(params[:id])
+      end
+
+      render :show
+    end
     ```
 
-    You may also notice the new double array `[[:name]]`. In order to
-    declare when a param is expected to be an array of parameter hashes,
-    this new double array syntax is used to explicitly declare an array.
-    `expect` requires you to declare expected arrays in this way, and will
-    ignore arrays that are passed when, for example, `pet: [:name]` is used.
+    *egg528*
 
-    In order to preserve compatibility, `permit` does not adopt the new
-    double array syntax and is therefore more permissive about unexpected
-    types. Using `expect` everywhere is recommended.
+*   Add assert_in_body/assert_not_in_body as the simplest way to check if a piece of text is in the response body.
 
-    We suggest replacing `params.require(:person).permit(:name, :age)`
-    with the direct replacement `params.expect(person: [:name, :age])`
-    to prevent external users from manipulating params to trigger 500
-    errors. A 400 error will be returned instead, using public/400.html
+    *DHH*
 
-    Usage of `params.require(:id)` should likewise be replaced with
-    `params.expect(:id)` which is designed to ensure that `params[:id]`
-    is a scalar and not an array or hash, also requiring the param.
+*   Include cookie name when calculating maximum allowed size.
 
-    ```ruby
-    # Before
-    User.find(params.require(:id)) # allows an array, altering behavior
+    *Hartley McGuire*
 
-    # After
-    User.find(params.expect(:id)) # expect only returns non-blank permitted scalars (excludes Hash, Array, nil, "", etc)
+*   Implement `must-understand` directive according to RFC 9111.
+
+    The `must-understand` directive indicates that a cache must understand the semantics of the response status code, or discard the response. This directive is enforced to be used only with `no-store` to ensure proper cache behavior.
+
+    ```ruby
+    class ArticlesController < ApplicationController
+      def show
+        @article = Article.find(params[:id])
+
+        if @article.special_format?
+          must_understand
+          render status: 203 # Non-Authoritative Information
+        else
+          fresh_when @article
+        end
+      end
+    end
     ```
 
-    *Martin Emde*
+    *heka1024*
 
-*   System Testing: Disable Chrome's search engine choice by default in system tests.
+*   The JSON renderer doesn't escape HTML entities or Unicode line separators anymore.
 
-    *glaszig*
+    Using `render json:` will no longer escape `<`, `>`, `&`, `U+2028` and `U+2029` characters that can cause errors
+    when the resulting JSON is embedded in JavaScript, or vulnerabilities when the resulting JSON is embedded in HTML.
 
-*   Fix `Request#raw_post` raising `NoMethodError` when `rack.input` is `nil`.
+    Since the renderer is used to return a JSON document as `application/json`, it's typically not necessary to escape
+    those characters, and it improves performance.
 
-    *Hartley McGuire*
+    Escaping will still occur when the `:callback` option is set, since the JSON is used as JavaScript code in this
+    situation (JSONP).
 
-*   Remove `racc` dependency by manually writing `ActionDispatch::Journey::Scanner`.
+    You can use the `:escape` option or set `config.action_controller.escape_json_responses` to `true` to restore the
+    escaping behavior.
 
-    *Gannon McGibbon*
+    ```ruby
+    class PostsController < ApplicationController
+      def index
+        render json: Post.last(30), escape: true
+      end
+    end
+    ```
 
-*   Speed up `ActionDispatch::Routing::Mapper::Scope#[]` by merging frame hashes.
+    *Étienne Barrié*, *Jean Boussier*
+
+*   Load lazy route sets before inserting test routes
+
+    Without loading lazy route sets early, we miss `after_routes_loaded` callbacks, or risk
+    invoking them with the test routes instead of the real ones if another load is triggered by an engine.
 
     *Gannon McGibbon*
 
-*   Allow bots to ignore `allow_browser`.
+*   Raise `AbstractController::DoubleRenderError` if `head` is called after rendering.
+
+    After this change, invoking `head` will lead to an error if response body is already set:
+
+    ```ruby
+    class PostController < ApplicationController
+      def index
+        render locals: {}
+        head :ok
+      end
+    end
+    ```
 
-    *Matthew Nguyen*
+    *Iaroslav Kurbatov*
 
-*   Deprecate drawing routes with multiple paths to make routing faster.
-    You may use `with_options` or a loop to make drawing multiple paths easier.
+*   The Cookie Serializer can now serialize an Active Support SafeBuffer when using message pack.
+
+    Such code would previously produce an error if an application was using messagepack as its cookie serializer.
 
     ```ruby
-    # Before
-    get "/users", "/other_path", to: "users#index"
+    class PostController < ApplicationController
+      def index
+        flash.notice = t(:hello_html) # This would try to serialize a SafeBuffer, which was not possible.
+      end
+    end
+    ```
 
-    # After
-    get "/users", to: "users#index"
-    get "/other_path", to: "users#index"
+    *Edouard Chin*
+
+*   Fix `Rails.application.reload_routes!` from clearing almost all routes.
+
+    When calling `Rails.application.reload_routes!` inside a middleware of
+    a Rake task, it was possible under certain conditions that all routes would be cleared.
+    If ran inside a middleware, this would result in getting a 404 on most page you visit.
+    This issue was only happening in development.
+
+    *Edouard Chin*
+
+*   Add resource name to the `ArgumentError` that's raised when invalid `:only` or `:except` options are given to `#resource` or `#resources`
+
+    This makes it easier to locate the source of the problem, especially for routes drawn by gems.
+
+    Before:
+    ```
+    :only and :except must include only [:index, :create, :new, :show, :update, :destroy, :edit], but also included [:foo, :bar]
     ```
 
-    *Gannon McGibbon*
+    After:
+    ```
+    Route `resources :products` - :only and :except must include only [:index, :create, :new, :show, :update, :destroy, :edit], but also included [:foo, :bar]
+    ```
 
-*   Make `http_cache_forever` use `immutable: true`
+    *Jeremy Green*
 
-    *Nate Matykiewicz*
+*   A route pointing to a non-existing controller now returns a 500 instead of a 404.
 
-*   Add `config.action_dispatch.strict_freshness`.
+    A controller not existing isn't a routing error that should result
+    in a 404, but a programming error that should result in a 500 and
+    be reported.
 
-    When set to `true`, the `ETag` header takes precedence over the `Last-Modified` header when both are present,
-    as specified by RFC 7232, Section 6.
+    Until recently, this was hard to untangle because of the support
+    for dynamic `:controller` segment in routes, but since this is
+    deprecated and will be removed in Rails 8.1, we can now easily
+    not consider missing controllers as routing errors.
 
-    Defaults to `false` to maintain compatibility with previous versions of Rails, but is enabled as part of
-    Rails 8.0 defaults.
+    *Jean Boussier*
 
-    *heka1024*
+*   Add `check_collisions` option to `ActionDispatch::Session::CacheStore`.
 
-*   Support `immutable` directive in Cache-Control
+    Newly generated session ids use 128 bits of randomness, which is more than
+    enough to ensure collisions can't happen, but if you need to harden sessions
+    even more, you can enable this option to check in the session store that the id
+    is indeed free you can enable that option. This however incurs an extra write
+    on session creation.
 
-    ```ruby
-    expires_in 1.minute, public: true, immutable: true
-    # Cache-Control: public, max-age=60, immutable
-    ```
+    *Shia*
 
-    *heka1024*
+*   In ExceptionWrapper, match backtrace lines with built templates more often,
+    allowing improved highlighting of errors within do-end blocks in templates.
+    Fix for Ruby 3.4 to match new method labels in backtrace.
 
-*   Add `:wasm_unsafe_eval` mapping for `content_security_policy`
+    *Martin Emde*
+
+*   Allow setting content type with a symbol of the Mime type.
 
     ```ruby
     # Before
-    policy.script_src "'wasm-unsafe-eval'"
+    response.content_type = "text/html"
 
     # After
-    policy.script_src :wasm_unsafe_eval
+    response.content_type = :html
     ```
 
-    *Joe Haig*
-
-*   Add `display_capture` and `keyboard_map` in `permissions_policy`
-
-    *Cyril Blaecke*
-
-*   Add `connect` route helper.
-
-    *Samuel Williams*
+    *Petrik de Heus*
 
-Please check [7-2-stable](https://github.com/rails/rails/blob/7-2-stable/actionpack/CHANGELOG.md) for previous changes.
+Please check [8-0-stable](https://github.com/rails/rails/blob/8-0-stable/actionpack/CHANGELOG.md) for previous changes.

data/README.rdoc

@@ -52,6 +52,6 @@ Bug reports for the Ruby on \Rails project can be filed here:
 
 * https://github.com/rails/rails/issues
 
-Feature requests should be discussed on the rails-core mailing list here:
+Feature requests should be discussed on the rubyonrails-core forum here:
 
 * https://discuss.rubyonrails.org/c/rubyonrails-core

data/lib/abstract_controller/asset_paths.rb

@@ -7,8 +7,10 @@ module AbstractController
     extend ActiveSupport::Concern
 
     included do
-      config_accessor :asset_host, :assets_dir, :javascripts_dir,
-        :stylesheets_dir, :default_asset_host_protocol, :relative_url_root
+      singleton_class.delegate :asset_host, :asset_host=, :assets_dir, :assets_dir=, :javascripts_dir, :javascripts_dir=,
+        :stylesheets_dir, :stylesheets_dir=, :default_asset_host_protocol, :default_asset_host_protocol=, :relative_url_root, :relative_url_root=, to: :config
+      delegate :asset_host, :asset_host=, :assets_dir, :assets_dir=, :javascripts_dir, :javascripts_dir=,
+        :stylesheets_dir, :stylesheets_dir=, :default_asset_host_protocol, :default_asset_host_protocol=, :relative_url_root, :relative_url_root=, to: :config
     end
   end
 end

data/lib/abstract_controller/base.rb

@@ -3,7 +3,6 @@
 # :markup: markdown
 
 require "abstract_controller/error"
-require "active_support/configurable"
 require "active_support/descendants_tracker"
 require "active_support/core_ext/module/anonymous"
 require "active_support/core_ext/module/attr_internal"
@@ -47,7 +46,7 @@ module AbstractController
     # Returns the formats that can be processed by the controller.
     attr_internal :formats
 
-    include ActiveSupport::Configurable
+    class_attribute :config, instance_predicate: false, default: ActiveSupport::OrderedOptions.new
     extend ActiveSupport::DescendantsTracker
 
     class << self
@@ -65,6 +64,7 @@ module AbstractController
         unless klass.instance_variable_defined?(:@abstract)
           klass.instance_variable_set(:@abstract, false)
         end
+        klass.config = ActiveSupport::InheritableOptions.new(config)
         super
       end
 
@@ -86,14 +86,10 @@ module AbstractController
         controller.public_instance_methods(true) - methods
       end
 
-      # A list of method names that should be considered actions. This includes all
+      # A `Set` of method names that should be considered actions. This includes all
       # public instance methods on a controller, less any internal methods (see
       # internal_methods), adding back in any methods that are internal, but still
       # exist on the class itself.
-      #
-      # #### Returns
-      # *   `Set` - A set of all methods that should be considered actions.
-      #
       def action_methods
         @action_methods ||= begin
           # All public instance methods of this class, including ancestors except for
@@ -121,13 +117,14 @@ module AbstractController
       #
       #     MyApp::MyPostsController.controller_path # => "my_app/my_posts"
       #
-      # #### Returns
-      # *   `String`
-      #
       def controller_path
         @controller_path ||= name.delete_suffix("Controller").underscore unless anonymous?
       end
 
+      def configure # :nodoc:
+        yield config
+      end
+
       # Refresh the cached action_methods when a new action_method is added.
       def method_added(name)
         super
@@ -147,10 +144,6 @@ module AbstractController
     # The actual method that is called is determined by calling #method_for_action.
     # If no method can handle the action, then an AbstractController::ActionNotFound
     # error is raised.
-    #
-    # #### Returns
-    # *   `self`
-    #
     def process(action, ...)
       @_action_name = action.to_s
 
@@ -201,6 +194,10 @@ module AbstractController
       true
     end
 
+    def config # :nodoc:
+      @_config ||= self.class.config.inheritable_copy
+    end
+
     def inspect # :nodoc:
       "#<#{self.class.name}:#{'%#016x' % (object_id << 1)}>"
     end

data/lib/abstract_controller/caching.rb

@@ -32,13 +32,16 @@ module AbstractController
     included do
       extend ConfigMethods
 
-      config_accessor :default_static_extension
+      singleton_class.delegate :default_static_extension, :default_static_extension=, to: :config
+      delegate :default_static_extension, :default_static_extension=, to: :config
       self.default_static_extension ||= ".html"
 
-      config_accessor :perform_caching
+      singleton_class.delegate :perform_caching, :perform_caching=, to: :config
+      delegate :perform_caching, :perform_caching=, to: :config
       self.perform_caching = true if perform_caching.nil?
 
-      config_accessor :enable_fragment_cache_logging
+      singleton_class.delegate :enable_fragment_cache_logging, :enable_fragment_cache_logging=, to: :config
+      delegate :enable_fragment_cache_logging, :enable_fragment_cache_logging=, to: :config
       self.enable_fragment_cache_logging = false
 
       class_attribute :_view_cache_dependencies, default: []

data/lib/abstract_controller/collector.rb

@@ -27,7 +27,7 @@ module AbstractController
     def method_missing(symbol, ...)
       unless mime_constant = Mime[symbol]
         raise NoMethodError, "To respond to a custom format, register it as a MIME type first: " \
-          "https://guides.rubyonrails.org/action_controller_overview.html#restful-downloads. " \
+          "https://guides.rubyonrails.org/action_controller_advanced_topics.html#restful-downloads. " \
           "If you meant to respond to a variant like :tablet or :phone, not a custom format, " \
           "be sure to nest your variant response within a format response: " \
           "format.html { |html| html.tablet { ... } }"

data/lib/abstract_controller/logger.rb

@@ -9,7 +9,8 @@ module AbstractController
     extend ActiveSupport::Concern
 
     included do
-      config_accessor :logger
+      singleton_class.delegate :logger, :logger=, to: :config
+      delegate :logger, :logger=, to: :config
       include ActiveSupport::Benchmarkable
     end
   end