sinatra 1.4.6 → 2.0.0

data/README.md

@@ -1,9 +1,11 @@
 # Sinatra
 
-Sinatra is a [DSL](http://en.wikipedia.org/wiki/Domain-specific_language) for
+[![Build Status](https://secure.travis-ci.org/sinatra/sinatra.svg)](http://travis-ci.org/sinatra/sinatra)
+
+Sinatra is a [DSL](https://en.wikipedia.org/wiki/Domain-specific_language) for
 quickly creating web applications in Ruby with minimal effort:
 
-``` ruby
+```ruby
 # myapp.rb
 require 'sinatra'
 
@@ -14,17 +16,17 @@ end
 
 Install the gem:
 
-``` shell
+```shell
 gem install sinatra
 ```
 
 And run with:
 
-``` shell
+```shell
 ruby myapp.rb
 ```
 
-View at: http://localhost:4567
+View at: [http://localhost:4567](http://localhost:4567)
 
 It is recommended to also run `gem install thin`, which Sinatra will
 pick up if available.
@@ -73,6 +75,9 @@ pick up if available.
     * [Filters](#filters)
     * [Helpers](#helpers)
         * [Using Sessions](#using-sessions)
+          * [Session Secret Security](#session-secret-security)
+          * [Session Config](#session-config)
+          * [Choosing Your Own Session Middleware](#choosing-your-own-session-middleware)
         * [Halting](#halting)
         * [Passing](#passing)
         * [Triggering Another Route](#triggering-another-route)
@@ -109,11 +114,10 @@ pick up if available.
         * [Request/Instance Scope](#requestinstance-scope)
         * [Delegation Scope](#delegation-scope)
     * [Command Line](#command-line)
+        * [Multi-threading](#multi-threading)
     * [Requirement](#requirement)
     * [The Bleeding Edge](#the-bleeding-edge)
         * [With Bundler](#with-bundler)
-        * [Roll Your Own](#roll-your-own)
-        * [Install Globally](#install-globally)
     * [Versioning](#versioning)
     * [Further Reading](#further-reading)
 
@@ -122,7 +126,7 @@ pick up if available.
 In Sinatra, a route is an HTTP method paired with a URL-matching pattern.
 Each route is associated with a block:
 
-``` ruby
+```ruby
 get '/' do
   .. show something ..
 end
@@ -159,10 +163,18 @@ end
 Routes are matched in the order they are defined. The first route that
 matches the request is invoked.
 
+Routes with trailing slashes are different from the ones without:
+
+```ruby
+get '/foo' do
+  # Does not match "GET /foo/"
+end
+```
+
 Route patterns may include named parameters, accessible via the
 `params` hash:
 
-``` ruby
+```ruby
 get '/hello/:name' do
   # matches "GET /hello/foo" and "GET /hello/bar"
   # params['name'] is 'foo' or 'bar'
@@ -172,7 +184,7 @@ end
 
 You can also access named parameters via block parameters:
 
-``` ruby
+```ruby
 get '/hello/:name' do |n|
   # matches "GET /hello/foo" and "GET /hello/bar"
   # params['name'] is 'foo' or 'bar'
@@ -184,7 +196,7 @@ end
 Route patterns may also include splat (or wildcard) parameters, accessible
 via the `params['splat']` array:
 
-``` ruby
+```ruby
 get '/say/*/to/*' do
   # matches /say/hello/to/world
   params['splat'] # => ["hello", "world"]
@@ -198,7 +210,7 @@ end
 
 Or with block parameters:
 
-``` ruby
+```ruby
 get '/download/*.*' do |path, ext|
   [path, ext] # => ["path/to/file", "xml"]
 end
@@ -206,15 +218,15 @@ end
 
 Route matching with Regular Expressions:
 
-``` ruby
-get /\A\/hello\/([\w]+)\z/ do
+```ruby
+get /\/hello\/([\w]+)/ do
   "Hello, #{params['captures'].first}!"
 end
 ```
 
 Or with a block parameter:
 
-``` ruby
+```ruby
 get %r{/hello/([\w]+)} do |c|
   # Matches "GET /meta/hello/world", "GET /hello/world/1234" etc.
   "Hello, #{c}!"
@@ -223,15 +235,15 @@ end
 
 Route patterns may have optional parameters:
 
-``` ruby
-get '/posts.?:format?' do
-  # matches "GET /posts" and any extension "GET /posts.json", "GET /posts.xml" etc.
+```ruby
+get '/posts/:format?' do
+  # matches "GET /posts/" and any extension "GET /posts/json", "GET /posts/xml" etc
 end
 ```
 
 Routes may also utilize query parameters:
 
-``` ruby
+```ruby
 get '/posts' do
   # matches "GET /posts?title=foo&author=bar"
   title = params['title']
@@ -240,14 +252,29 @@ get '/posts' do
 end
 ```
 
-By the way, unless you disable the path traversal attack protection (see below),
-the request path might be modified before matching against your routes.
+By the way, unless you disable the path traversal attack protection (see
+below), the request path might be modified before matching against your
+routes.
+
+You may customize the Mustermann options used for a given route by passing in a
+`:mustermann_opts` hash:
+
+```ruby
+get '\A/posts\z', :mustermann_opts => { :type => :regexp, :check_anchors => false } do
+  # matches /posts exactly, with explicit anchoring
+  "If you match an anchored pattern clap your hands!"
+end
+```
+
+It looks like a [condition](#conditions), but it isn't one! These options will
+be merged into the global `:mustermann_opts` hash described
+[below](#available-settings).
 
 ## Conditions
 
 Routes may include a variety of matching conditions, such as the user agent:
 
-``` ruby
+```ruby
 get '/foo', :agent => /Songbird (\d\.\d)[\d\/]*?/ do
   "You're using Songbird version #{params['agent'][0]}"
 end
@@ -259,7 +286,7 @@ end
 
 Other available conditions are `host_name` and `provides`:
 
-``` ruby
+```ruby
 get '/', :host_name => /^admin\./ do
   "Admin Area, Access denied!"
 end
@@ -276,7 +303,7 @@ end
 
 You can easily define your own conditions:
 
-``` ruby
+```ruby
 set(:probability) { |value| condition { rand <= value } }
 
 get '/win_a_car', :probability => 0.1 do
@@ -290,7 +317,7 @@ end
 
 For a condition that takes multiple values use a splat:
 
-``` ruby
+```ruby
 set(:auth) do |*roles|   # <- notice the splat here
   condition do
     unless logged_in? && roles.any? {|role| current_user.in_role? role }
@@ -310,10 +337,10 @@ end
 
 ## Return Values
 
-The return value of a route block determines at least the response body passed
-on to the HTTP client, or at least the next middleware in the Rack stack.
-Most commonly, this is a string, as in the above examples. But other values are
-also accepted.
+The return value of a route block determines at least the response body
+passed on to the HTTP client, or at least the next middleware in the
+Rack stack. Most commonly, this is a string, as in the above examples.
+But other values are also accepted.
 
 You can return any object that would either be a valid Rack response, Rack
 body object or HTTP status code:
@@ -328,7 +355,7 @@ body object or HTTP status code:
 
 That way we can, for instance, easily implement a streaming example:
 
-``` ruby
+```ruby
 class Stream
   def each
     100.times { |i| yield "#{i}\n" }
@@ -338,16 +365,16 @@ end
 get('/') { Stream.new }
 ```
 
-You can also use the `stream` helper method (described below) to reduce boiler
-plate and embed the streaming logic in the route.
+You can also use the `stream` helper method (described below) to reduce
+boiler plate and embed the streaming logic in the route.
 
 ## Custom Route Matchers
 
-As shown above, Sinatra ships with built-in support for using String patterns
-and regular expressions as route matches. However, it does not stop there. You
-can easily define your own matchers:
+As shown above, Sinatra ships with built-in support for using String
+patterns and regular expressions as route matches. However, it does not
+stop there. You can easily define your own matchers:
 
-``` ruby
+```ruby
 class AllButPattern
   Match = Struct.new(:captures)
 
@@ -373,7 +400,7 @@ end
 Note that the above example might be over-engineered, as it can also be
 expressed as:
 
-``` ruby
+```ruby
 get // do
   pass if request.path_info == "/index"
   # ...
@@ -382,8 +409,8 @@ end
 
 Or, using negative look ahead:
 
-``` ruby
-get %r{^(?!/index$)} do
+```ruby
+get %r{(?!/index)} do
   # ...
 end
 ```
@@ -393,7 +420,7 @@ end
 Static files are served from the `./public` directory. You can specify
 a different location by setting the `:public_folder` option:
 
-``` ruby
+```ruby
 set :public_folder, File.dirname(__FILE__) + '/static'
 ```
 
@@ -409,7 +436,7 @@ Use the `:static_cache_control` setting (see below) to add
 Each template language is exposed via its own rendering method. These
 methods simply return a string:
 
-``` ruby
+```ruby
 get '/' do
   erb :index
 end
@@ -420,7 +447,7 @@ This renders `views/index.erb`.
 Instead of a template name, you can also just pass in the template content
 directly:
 
-``` ruby
+```ruby
 get '/' do
   code = "<%= Time.now %>"
   erb code
@@ -429,7 +456,7 @@ end
 
 Templates take a second argument, the options hash:
 
-``` ruby
+```ruby
 get '/' do
   erb :index, :layout => :post
 end
@@ -441,7 +468,7 @@ This will render `views/index.erb` embedded in the
 Any options not understood by Sinatra will be passed on to the template
 engine:
 
-``` ruby
+```ruby
 get '/' do
   haml :index, :format => :html5
 end
@@ -449,7 +476,7 @@ end
 
 You can also set options per template language in general:
 
-``` ruby
+```ruby
 set :haml, :format => :html5
 
 get '/' do
@@ -493,15 +520,17 @@ Available Options:
 
   <dt>scope</dt>
   <dd>
-    Scope to render template under. Defaults to the application instance. If you
-    change this, instance variables and helper methods will not be available.
+    Scope to render template under. Defaults to the application
+    instance. If you change this, instance variables and helper methods
+    will not be available.
   </dd>
 
   <dt>layout_engine</dt>
   <dd>
-    Template engine to use for rendering the layout. Useful for languages that
-    do not support layouts otherwise. Defaults to the engine used for the
-    template. Example: <tt>set :rdoc, :layout_engine => :erb</tt>
+    Template engine to use for rendering the layout. Useful for
+    languages that do not support layouts otherwise. Defaults to the
+    engine used for the template. Example: <tt>set :rdoc, :layout_engine
+    => :erb</tt>
   </dd>
 
   <dt>layout_options</dt>
@@ -511,36 +540,44 @@ Available Options:
   </dd>
 </dl>
 
-Templates are assumed to be located directly under the `./views` directory. To
-use a different views directory:
+Templates are assumed to be located directly under the `./views`
+directory. To use a different views directory:
 
-``` ruby
+```ruby
 set :views, settings.root + '/templates'
 ```
 
 
-One important thing to remember is that you always have to reference templates
-with symbols, even if they're in a subdirectory (in this case, use:
-`:'subdir/template'` or `'subdir/template'.to_sym`). You must use a symbol
-because otherwise rendering methods will render any strings passed to them
-directly.
+One important thing to remember is that you always have to reference
+templates with symbols, even if they're in a subdirectory (in this case,
+use: `:'subdir/template'` or `'subdir/template'.to_sym`). You must use a
+symbol because otherwise rendering methods will render any strings
+passed to them directly.
 
 ### Literal Templates
 
-``` ruby
+```ruby
 get '/' do
   haml '%div.title Hello World'
 end
 ```
 
-Renders the template string.
+Renders the template string. You can optionally specify `:path` and
+`:line` for a clearer backtrace if there is a filesystem path or line
+associated with that string:
+
+```ruby
+get '/' do
+  haml '%div.title Hello World', :path => 'examples/file.haml', :line => 3
+end
+```
 
 ### Available Template Languages
 
 Some languages have multiple implementations. To specify what implementation
 to use (and to be thread-safe), you should simply require it first:
 
-``` ruby
+```ruby
 require 'rdiscount' # or require 'bluecloth'
 get('/') { markdown :index }
 ```
@@ -608,7 +645,7 @@ It also takes a block for inline templates (see example).
 <table>
   <tr>
     <td>Dependency</td>
-    <td><a href="http://nokogiri.org/" title="nokogiri">nokogiri</a></td>
+    <td><a href="http://www.nokogiri.org/" title="nokogiri">nokogiri</a></td>
   </tr>
   <tr>
     <td>File Extension</td>
@@ -661,7 +698,7 @@ It also takes a block for inline templates (see example).
 <table>
   <tr>
     <td>Dependency</td>
-    <td><a href="http://www.lesscss.org/" title="less">less</a></td>
+    <td><a href="http://lesscss.org/" title="less">less</a></td>
   </tr>
   <tr>
     <td>File Extension</td>
@@ -678,7 +715,7 @@ It also takes a block for inline templates (see example).
 <table>
   <tr>
     <td>Dependency</td>
-    <td><a href="http://www.liquidmarkup.org/" title="liquid">liquid</a></td>
+    <td><a href="http://liquidmarkup.org/" title="liquid">liquid</a></td>
   </tr>
   <tr>
     <td>File Extension</td>
@@ -700,7 +737,7 @@ template, you almost always want to pass locals to it.
     <td>Dependency</td>
     <td>
       Anyone of:
-        <a href="https://github.com/rtomayko/rdiscount" title="RDiscount">RDiscount</a>,
+        <a href="https://github.com/davidfstr/rdiscount" title="RDiscount">RDiscount</a>,
         <a href="https://github.com/vmg/redcarpet" title="RedCarpet">RedCarpet</a>,
         <a href="http://deveiate.org/projects/BlueCloth" title="BlueCloth">BlueCloth</a>,
         <a href="http://kramdown.gettalong.org/" title="kramdown">kramdown</a>,
@@ -717,17 +754,18 @@ template, you almost always want to pass locals to it.
   </tr>
 </table>
 
-It is not possible to call methods from markdown, nor to pass locals to it.
+It is not possible to call methods from Markdown, nor to pass locals to it.
 You therefore will usually use it in combination with another rendering
 engine:
 
-``` ruby
+```ruby
 erb :overview, :locals => { :text => markdown(:introduction) }
 ```
 
-Note that you may also call the `markdown` method from within other templates:
+Note that you may also call the `markdown` method from within other
+templates:
 
-``` ruby
+```ruby
 %h1 Hello From Haml!
 %p= markdown(:greetings)
 ```
@@ -753,16 +791,17 @@ template than for the layout by passing the `:layout_engine` option.
   </tr>
 </table>
 
-It is not possible to call methods from textile, nor to pass locals to it. You
-therefore will usually use it in combination with another rendering engine:
+It is not possible to call methods from Textile, nor to pass locals to
+it. You therefore will usually use it in combination with another
+rendering engine:
 
-``` ruby
+```ruby
 erb :overview, :locals => { :text => textile(:introduction) }
 ```
 
 Note that you may also call the `textile` method from within other templates:
 
-``` ruby
+```ruby
 %h1 Hello From Haml!
 %p= textile(:greetings)
 ```
@@ -788,16 +827,16 @@ template than for the layout by passing the `:layout_engine` option.
   </tr>
 </table>
 
-It is not possible to call methods from rdoc, nor to pass locals to it. You
+It is not possible to call methods from RDoc, nor to pass locals to it. You
 therefore will usually use it in combination with another rendering engine:
 
-``` ruby
+```ruby
 erb :overview, :locals => { :text => rdoc(:introduction) }
 ```
 
 Note that you may also call the `rdoc` method from within other templates:
 
-``` ruby
+```ruby
 %h1 Hello From Haml!
 %p= rdoc(:greetings)
 ```
@@ -843,15 +882,15 @@ almost always want to pass locals to it.
   </tr>
 </table>
 
-Since you cannot call Ruby methods directly from a Radius template, you almost
-always want to pass locals to it.
+Since you cannot call Ruby methods directly from a Radius template, you
+almost always want to pass locals to it.
 
 #### Markaby Templates
 
 <table>
   <tr>
     <td>Dependency</td>
-    <td><a href="http://markaby.github.com/" title="Markaby">Markaby</a></td>
+    <td><a href="http://markaby.github.io/" title="Markaby">Markaby</a></td>
   </tr>
   <tr>
     <td>File Extension</td>
@@ -916,16 +955,16 @@ It also takes a block for inline templates (see example).
   </tr>
 </table>
 
-It is not possible to call methods from creole, nor to pass locals to it. You
+It is not possible to call methods from Creole, nor to pass locals to it. You
 therefore will usually use it in combination with another rendering engine:
 
-``` ruby
+```ruby
 erb :overview, :locals => { :text => creole(:introduction) }
 ```
 
 Note that you may also call the `creole` method from within other templates:
 
-``` ruby
+```ruby
 %h1 Hello From Haml!
 %p= creole(:greetings)
 ```
@@ -951,17 +990,18 @@ template than for the layout by passing the `:layout_engine` option.
   </tr>
 </table>
 
-It is not possible to call methods from MediaWiki markup, nor to pass locals to
-it. You therefore will usually use it in combination with another rendering
-engine:
+It is not possible to call methods from MediaWiki markup, nor to pass
+locals to it. You therefore will usually use it in combination with
+another rendering engine:
 
-``` ruby
+```ruby
 erb :overview, :locals => { :text => mediawiki(:introduction) }
 ```
 
-Note that you may also call the `mediawiki` method from within other templates:
+Note that you may also call the `mediawiki` method from within other
+templates:
 
-``` ruby
+```ruby
 %h1 Hello From Haml!
 %p= mediawiki(:greetings)
 ```
@@ -1000,7 +1040,7 @@ template than for the layout by passing the `:layout_engine` option.
   <tr>
     <td>Dependency</td>
     <td>
-      <a href="https://github.com/lucasmazza/ruby-stylus" title="Ruby Stylus">
+      <a href="https://github.com/forgecrafted/ruby-stylus" title="Ruby Stylus">
         Stylus
       </a> and a
       <a href="https://github.com/sstephenson/execjs/blob/master/README.md#readme" title="ExecJS">
@@ -1021,7 +1061,7 @@ template than for the layout by passing the `:layout_engine` option.
 Before being able to use Stylus templates, you need to load `stylus` and
 `stylus/tilt` first:
 
-``` ruby
+```ruby
 require 'sinatra'
 require 'stylus'
 require 'stylus/tilt'
@@ -1059,7 +1099,7 @@ end
 The template source is evaluated as a Ruby string, and the
 resulting json variable is converted using `#to_json`:
 
-``` ruby
+```ruby
 json = { :foo => 'bar' }
 json[:baz] = key
 ```
@@ -1067,7 +1107,7 @@ json[:baz] = key
 The `:callback` and `:variable` options can be used to decorate the rendered
 object:
 
-``` javascript
+```javascript
 var resource = {"foo":"bar","baz":"qux"};
 present(resource);
 ```
@@ -1089,15 +1129,16 @@ present(resource);
   </tr>
 </table>
 
-Since calling ruby methods is not idiomatic in WLang, you almost always want to
-pass locals to it. Layouts written in WLang and `yield` are supported, though.
+Since calling ruby methods is not idiomatic in WLang, you almost always
+want to pass locals to it. Layouts written in WLang and `yield` are
+supported, though.
 
 ### Accessing Variables in Templates
 
 Templates are evaluated within the same context as route handlers. Instance
 variables set in route handlers are directly accessible by templates:
 
-``` ruby
+```ruby
 get '/:id' do
   @foo = Foo.find(params['id'])
   haml '%h1= @foo.name'
@@ -1106,7 +1147,7 @@ end
 
 Or, specify an explicit Hash of local variables:
 
-``` ruby
+```ruby
 get '/:id' do
   foo = Foo.find(params['id'])
   haml '%h1= bar.name', :locals => { :bar => foo }
@@ -1122,7 +1163,7 @@ A layout is usually just a template that calls `yield`.
 Such a template can be used either through the `:template` option as
 described above, or it can be rendered with a block as follows:
 
-``` ruby
+```ruby
 erb :post, :layout => false do
   erb :index
 end
@@ -1130,9 +1171,10 @@ end
 
 This code is mostly equivalent to `erb :index, :layout => :post`.
 
-Passing blocks to rendering methods is most useful for creating nested layouts:
+Passing blocks to rendering methods is most useful for creating nested
+layouts:
 
-``` ruby
+```ruby
 erb :main_layout, :layout => false do
   erb :admin_layout do
     erb :user
@@ -1142,7 +1184,7 @@ end
 
 This can also be done in fewer lines of code with:
 
-``` ruby
+```ruby
 erb :admin_layout, :layout => :main_layout do
   erb :user
 end
@@ -1155,7 +1197,7 @@ Currently, the following rendering methods accept a block: `erb`, `haml`,
 
 Templates may be defined at the end of the source file:
 
-``` ruby
+```ruby
 require 'sinatra'
 
 get '/' do
@@ -1180,7 +1222,7 @@ have inline templates in other source files.
 
 Templates may also be defined using the top-level `template` method:
 
-``` ruby
+```ruby
 template :layout do
   "%html\n  =yield\n"
 end
@@ -1199,7 +1241,7 @@ is rendered. You can individually disable layouts by passing
 `:layout => false` or disable them by default via
 `set :haml, :layout => false`:
 
-``` ruby
+```ruby
 get '/' do
   haml :index, :layout => !request.xhr?
 end
@@ -1211,7 +1253,7 @@ To associate a file extension with a template engine, use
 `Tilt.register`. For instance, if you like to use the file extension
 `tt` for Textile templates, you can do the following:
 
-``` ruby
+```ruby
 Tilt.register :tt, Tilt[:textile]
 ```
 
@@ -1219,7 +1261,7 @@ Tilt.register :tt, Tilt[:textile]
 
 First, register your engine with Tilt, then create a rendering method:
 
-``` ruby
+```ruby
 Tilt.register :myat, MyAwesomeTemplateEngine
 
 helpers do
@@ -1239,7 +1281,7 @@ learn more about Tilt.
 To implement your own template lookup mechanism you can write your
 own `#find_template` method:
 
-``` ruby
+```ruby
 configure do
   set :views [ './views/a', './views/b' ]
 end
@@ -1253,11 +1295,11 @@ end
 
 ## Filters
 
-Before filters are evaluated before each request within the same
-context as the routes will be and can modify the request and response. Instance
+Before filters are evaluated before each request within the same context
+as the routes will be and can modify the request and response. Instance
 variables set in filters are accessible by routes and templates:
 
-``` ruby
+```ruby
 before do
   @note = 'Hi!'
   request.path_info = '/foo/bar/baz'
@@ -1269,24 +1311,25 @@ get '/foo/*' do
 end
 ```
 
-After filters are evaluated after each request within the same context as the
-routes will be and can also modify the request and response. Instance variables
-set in before filters and routes are accessible by after filters:
+After filters are evaluated after each request within the same context
+as the routes will be and can also modify the request and response.
+Instance variables set in before filters and routes are accessible by
+after filters:
 
-``` ruby
+```ruby
 after do
   puts response.status
 end
 ```
 
-Note: Unless you use the `body` method rather than just returning a String from
-the routes, the body will not yet be available in the after filter, since it is
-generated later on.
+Note: Unless you use the `body` method rather than just returning a
+String from the routes, the body will not yet be available in the after
+filter, since it is generated later on.
 
 Filters optionally take a pattern, causing them to be evaluated only if the
 request path matches that pattern:
 
-``` ruby
+```ruby
 before '/protected/*' do
   authenticate!
 end
@@ -1298,7 +1341,7 @@ end
 
 Like routes, filters also take conditions:
 
-``` ruby
+```ruby
 before :agent => /Songbird/ do
   # ...
 end
@@ -1313,7 +1356,7 @@ end
 Use the top-level `helpers` method to define helper methods for use in
 route handlers and templates:
 
-``` ruby
+```ruby
 helpers do
   def bar(name)
     "#{name}bar"
@@ -1327,7 +1370,7 @@ end
 
 Alternatively, helper methods can be separately defined in a module:
 
-``` ruby
+```ruby
 module FooUtils
   def foo(name) "#{name}foo" end
 end
@@ -1346,7 +1389,7 @@ The effect is the same as including the modules in the application class.
 A session is used to keep state during requests. If activated, you have one
 session hash per user session:
 
-``` ruby
+```ruby
 enable :sessions
 
 get '/' do
@@ -1358,82 +1401,165 @@ get '/:value' do
 end
 ```
 
-Note that `enable :sessions` actually stores all data in a cookie. This
-might not always be what you want (storing lots of data will increase your
-traffic, for instance). You can use any Rack session middleware: in order to
-do so, do **not** call `enable :sessions`, but instead pull in your
-middleware of choice as you would any other middleware:
+#### Session Secret Security
 
-``` ruby
-use Rack::Session::Pool, :expire_after => 2592000
+To improve security, the session data in the cookie is signed with a session
+secret using `HMAC-SHA1`. This session secret should optimally be a
+cryptographically secure random value of an appropriate length which for
+`HMAC-SHA1` is greater than or equal to 64 bytes (512 bits, 128 hex
+characters). You would be advised not to use a secret that is less than 32
+bytes of randomness (256 bits, 64 hex characters). It is therefore **very
+important** that you don't just make the secret up, but instead use a secure
+random number generator to create it. Humans are extremely bad at generating
+random values.
 
-get '/' do
-  "value = " << session[:value].inspect
-end
+By default, a 32 byte secure random session secret is generated for you by
+Sinatra, but it will change with every restart of your application. If you
+have multiple instances of your application, and you let Sinatra generate the
+key, each instance would then have a different session key which is probably
+not what you want.
 
-get '/:value' do
-  session['value'] = params['value']
-end
+For better security and usability it's
+[recommended](https://12factor.net/config) that you generate a secure random
+secret and store it in an environment variable on each host running your
+application so that all of your application instances will share the same
+secret. You should periodically rotate this session secret to a new value.
+Here are some examples of how you might create a 64 byte secret and set it:
+
+**Session Secret Generation**
+
+```text
+$ ruby -e "require 'securerandom'; puts SecureRandom.hex(64)"
+99ae8af...snip...ec0f262ac
 ```
 
-To improve security, the session data in the cookie is signed with a session
-secret. A random secret is generated for you by Sinatra. However, since this
-secret will change with every start of your application, you might want to
-set the secret yourself, so all your application instances share it:
+**Session Secret Generation (Bonus Points)**
+
+Use the [sysrandom gem](https://github.com/cryptosphere/sysrandom) to prefer
+use of system RNG facilities to generate random values instead of
+userspace `OpenSSL` which MRI Ruby currently defaults to:
+
+```text
+$ gem install sysrandom
+Building native extensions.  This could take a while...
+Successfully installed sysrandom-1.x
+1 gem installed
+
+$ ruby -e "require 'sysrandom/securerandom'; puts SecureRandom.hex(64)"
+99ae8af...snip...ec0f262ac
+```
+
+**Session Secret Environment Variable**
+
+Set a `SESSION_SECRET` environment variable for Sinatra to the value you
+generated. Make this value persistent across reboots of your host. Since the
+method for doing this will vary across systems this is for illustrative
+purposes only:
+
+```bash
+# echo "export SESSION_SECRET=99ae8af...snip...ec0f262ac" >> ~/.bashrc
+```
+
+**Session Secret App Config**
+
+Setup your app config to fail-safe to a secure random secret
+if the `SESSION_SECRET` environment variable is not available.
 
-``` ruby
-set :session_secret, 'super secret'
+For bonus points use the [sysrandom
+gem](https://github.com/cryptosphere/sysrandom) here as well:
+
+```ruby
+require 'securerandom'
+# -or- require 'sysrandom/securerandom'
+set :session_secret, ENV.fetch('SESSION_SECRET') { SecureRandom.hex(64) }
 ```
 
-If you want to configure it further, you may also store a hash with options in
-the `sessions` setting:
+#### Session Config
+
+If you want to configure it further, you may also store a hash with options
+in the `sessions` setting:
 
-``` ruby
+```ruby
 set :sessions, :domain => 'foo.com'
 ```
 
 To share your session across other apps on subdomains of foo.com, prefix the
 domain with a *.* like this instead:
 
-``` ruby
+```ruby
 set :sessions, :domain => '.foo.com'
 ```
 
+#### Choosing Your Own Session Middleware
+
+Note that `enable :sessions` actually stores all data in a cookie. This
+might not always be what you want (storing lots of data will increase your
+traffic, for instance). You can use any Rack session middleware in order to
+do so, one of the following methods can be used:
+
+```ruby
+enable :sessions
+set :session_store, Rack::Session::Pool
+```
+
+Or to set up sessions with a hash of options:
+
+```ruby
+set :sessions, :expire_after => 2592000
+set :session_store, Rack::Session::Pool
+```
+
+Another option is to **not** call `enable :sessions`, but instead pull in
+your middleware of choice as you would any other middleware.
+
+It is important to note that when using this method, session based
+protection **will not be enabled by default**.
+
+The Rack middleware to do that will also need to be added:
+
+```ruby
+use Rack::Session::Pool, :expire_after => 2592000
+use Rack::Protection::RemoteToken
+use Rack::Protection::SessionHijacking
+```
+
+See 'Configuring attack protection' for more information.
+
 ### Halting
 
 To immediately stop a request within a filter or route use:
 
-``` ruby
+```ruby
 halt
 ```
 
 You can also specify the status when halting:
 
-``` ruby
+```ruby
 halt 410
 ```
 
 Or the body:
 
-``` ruby
+```ruby
 halt 'this will be the body'
 ```
 
 Or both:
 
-``` ruby
+```ruby
 halt 401, 'go away!'
 ```
 
 With headers:
 
-``` ruby
+```ruby
 halt 402, {'Content-Type' => 'text/plain'}, 'revenge'
 ```
 
 It is of course possible to combine a template with `halt`:
 
-``` ruby
+```ruby
 halt erb(:error)
 ```
 
@@ -1441,7 +1567,7 @@ halt erb(:error)
 
 A route can punt processing to the next matching route using `pass`:
 
-``` ruby
+```ruby
 get '/guess/:who' do
   pass unless params['who'] == 'Frank'
   'You got me!'
@@ -1457,10 +1583,10 @@ matching route. If no matching route is found, a 404 is returned.
 
 ### Triggering Another Route
 
-Sometimes `pass` is not what you want, instead you would like to get the result
-of calling another route. Simply use `call` to achieve this:
+Sometimes `pass` is not what you want, instead you would like to get the
+result of calling another route. Simply use `call` to achieve this:
 
-``` ruby
+```ruby
 get '/foo' do
   status, headers, body = call env.merge("PATH_INFO" => '/bar')
   [status, headers, body.map(&:upcase)]
@@ -1471,23 +1597,24 @@ get '/bar' do
 end
 ```
 
-Note that in the example above, you would ease testing and increase performance
-by simply moving `"bar"` into a helper used by both `/foo` and `/bar`.
+Note that in the example above, you would ease testing and increase
+performance by simply moving `"bar"` into a helper used by both `/foo` and
+`/bar`.
 
-If you want the request to be sent to the same application instance rather than
-a duplicate, use `call!` instead of `call`.
+If you want the request to be sent to the same application instance rather
+than a duplicate, use `call!` instead of `call`.
 
 Check out the Rack specification if you want to learn more about `call`.
 
 ### Setting Body, Status Code and Headers
 
-It is possible and recommended to set the status code and response body with the
-return value of the route block. However, in some scenarios you might want to
-set the body at an arbitrary point in the execution flow. You can do so with the
-`body` helper method. If you do so, you can use that method from there on to
-access the body:
+It is possible and recommended to set the status code and response body with
+the return value of the route block. However, in some scenarios you might
+want to set the body at an arbitrary point in the execution flow. You can do
+so with the `body` helper method. If you do so, you can use that method from
+there on to access the body:
 
-``` ruby
+```ruby
 get '/foo' do
   body "bar"
 end
@@ -1502,7 +1629,7 @@ Rack handler (this can be used to implement streaming, see "Return Values").
 
 Similar to the body, you can also set the status code and headers:
 
-``` ruby
+```ruby
 get '/foo' do
   status 418
   headers \
@@ -1522,7 +1649,7 @@ the response body. In extreme examples, you want to keep sending data until
 the client closes the connection. You can use the `stream` helper to avoid
 creating your own wrapper:
 
-``` ruby
+```ruby
 get '/' do
   stream do |out|
     out << "It's gonna be legen -\n"
@@ -1535,23 +1662,23 @@ end
 ```
 
 This allows you to implement streaming APIs,
-[Server Sent Events](http://dev.w3.org/html5/eventsource/), and can be used as
-the basis for [WebSockets](http://en.wikipedia.org/wiki/WebSocket). It can also be
-used to increase throughput if some but not all content depends on a slow
-resource.
+[Server Sent Events](https://w3c.github.io/eventsource/), and can be used as
+the basis for [WebSockets](https://en.wikipedia.org/wiki/WebSocket). It can
+also be used to increase throughput if some but not all content depends on a
+slow resource.
 
-Note that the streaming behavior, especially the number of concurrent requests,
-highly depends on the web server used to serve the application. Some servers,
-like WEBRick, might not even support streaming at all. If the server does not
-support streaming, the body will be sent all at once after the block passed to
-`stream` finishes executing. Streaming does not work at all with Shotgun.
+Note that the streaming behavior, especially the number of concurrent
+requests, highly depends on the web server used to serve the application.
+Some servers might not even support streaming at all. If the server does not
+support streaming, the body will be sent all at once after the block passed
+to `stream` finishes executing. Streaming does not work at all with Shotgun.
 
 If the optional parameter is set to `keep_open`, it will not call `close` on
 the stream object, allowing you to close it at any later point in the
 execution flow. This only works on evented servers, like Thin and Rainbows.
 Other servers will still close the stream:
 
-``` ruby
+```ruby
 # long polling
 
 set :server, :thin
@@ -1580,11 +1707,15 @@ post '/:message' do
 end
 ```
 
+It's also possible for the client to close the connection when trying to
+write to the socket. Because of this, it's recommended to check
+`out.closed?` before trying to write.
+
 ### Logging
 
 In the request scope, the `logger` helper exposes a `Logger` instance:
 
-``` ruby
+```ruby
 get '/' do
   logger.info "loading data"
   # ...
@@ -1595,10 +1726,10 @@ This logger will automatically take your Rack handler's logging settings into
 account. If logging is disabled, this method will return a dummy object, so
 you do not have to worry about it in your routes and filters.
 
-Note that logging is only enabled for `Sinatra::Application` by default, so if
-you inherit from `Sinatra::Base`, you probably want to enable it yourself:
+Note that logging is only enabled for `Sinatra::Application` by default, so
+if you inherit from `Sinatra::Base`, you probably want to enable it yourself:
 
-``` ruby
+```ruby
 class MyApp < Sinatra::Base
   configure :production, :development do
     enable :logging
@@ -1616,7 +1747,7 @@ whatever it will find in `env['rack.logger']`.
 When using `send_file` or static files you may have mime types Sinatra
 doesn't understand. Use `mime_type` to register them by file extension:
 
-``` ruby
+```ruby
 configure do
   mime_type :foo, 'text/foo'
 end
@@ -1624,7 +1755,7 @@ end
 
 You can also use it with the `content_type` helper:
 
-``` ruby
+```ruby
 get '/' do
   content_type :foo
   "foo foo foo"
@@ -1636,7 +1767,7 @@ end
 For generating URLs you should use the `url` helper method, for instance, in
 Haml:
 
-``` ruby
+```ruby
 %a{:href => url('/foo')} foo
 ```
 
@@ -1648,7 +1779,7 @@ This method is also aliased to `to` (see below for an example).
 
 You can trigger a browser redirect with the `redirect` helper method:
 
-``` ruby
+```ruby
 get '/foo' do
   redirect to('/bar')
 end
@@ -1656,15 +1787,15 @@ end
 
 Any additional parameters are handled like arguments passed to `halt`:
 
-``` ruby
+```ruby
 redirect to('/bar'), 303
-redirect 'http://google.com', 'wrong place, buddy'
+redirect 'http://www.google.com/', 'wrong place, buddy'
 ```
 
 You can also easily redirect back to the page the user came from with
 `redirect back`:
 
-``` ruby
+```ruby
 get '/foo' do
   "<a href='/bar'>do something</a>"
 end
@@ -1677,13 +1808,13 @@ end
 
 To pass arguments with a redirect, either add them to the query:
 
-``` ruby
+```ruby
 redirect to('/bar?sum=42')
 ```
 
 Or use a session:
 
-``` ruby
+```ruby
 enable :sessions
 
 get '/foo' do
@@ -1702,7 +1833,7 @@ Setting your headers correctly is the foundation for proper HTTP caching.
 
 You can easily set the Cache-Control header like this:
 
-``` ruby
+```ruby
 get '/' do
   cache_control :public
   "cache it!"
@@ -1711,7 +1842,7 @@ end
 
 Pro tip: Set up caching in a before filter:
 
-``` ruby
+```ruby
 before do
   cache_control :public, :must_revalidate, :max_age => 60
 end
@@ -1720,7 +1851,7 @@ end
 If you are using the `expires` helper to set the corresponding header,
 `Cache-Control` will be set automatically for you:
 
-``` ruby
+```ruby
 before do
   expires 500, :public, :must_revalidate
 end
@@ -1731,7 +1862,7 @@ It is recommended to call those helpers *before* doing any heavy lifting, as
 they will immediately flush a response if the client already has the current
 version in its cache:
 
-``` ruby
+```ruby
 get "/article/:id" do
   @article = Article.find params['id']
   last_modified @article.updated_at
@@ -1741,17 +1872,18 @@ end
 ```
 
 It is also possible to use a
-[weak ETag](http://en.wikipedia.org/wiki/HTTP_ETag#Strong_and_weak_validation):
+[weak ETag](https://en.wikipedia.org/wiki/HTTP_ETag#Strong_and_weak_validation):
 
-``` ruby
+```ruby
 etag @article.sha1, :weak
 ```
 
 These helpers will not do any caching for you, but rather feed the necessary
-information to your cache. If you are looking for a quick reverse-proxy caching
-solution, try [rack-cache](https://github.com/rtomayko/rack-cache):
+information to your cache. If you are looking for a quick
+reverse-proxy caching solution, try
+[rack-cache](https://github.com/rtomayko/rack-cache):
 
-``` ruby
+```ruby
 require "rack/cache"
 require "sinatra"
 
@@ -1767,14 +1899,15 @@ end
 Use the `:static_cache_control` setting (see below) to add
 `Cache-Control` header info to static files.
 
-According to RFC 2616, your application should behave differently if the If-Match
-or If-None-Match header is set to `*`, depending on whether the resource
-requested is already in existence. Sinatra assumes resources for safe (like get)
-and idempotent (like put) requests are already in existence, whereas other
-resources (for instance post requests) are treated as new resources. You
-can change this behavior by passing in a `:new_resource` option:
+According to RFC 2616, your application should behave differently if the
+If-Match or If-None-Match header is set to `*`, depending on whether the
+resource requested is already in existence. Sinatra assumes resources for
+safe (like get) and idempotent (like put) requests are already in existence,
+whereas other resources (for instance post requests) are treated as new
+resources. You can change this behavior by passing in a `:new_resource`
+option:
 
-``` ruby
+```ruby
 get '/create' do
   etag '', :new_resource => true
   Article.create
@@ -1784,7 +1917,7 @@ end
 
 If you still want to use a weak ETag, pass in a `:kind` option:
 
-``` ruby
+```ruby
 etag '', :new_resource => true, :kind => :weak
 ```
 
@@ -1793,7 +1926,7 @@ etag '', :new_resource => true, :kind => :weak
 To return the contents of a file as the response, you can use the `send_file`
 helper method:
 
-``` ruby
+```ruby
 get '/' do
   send_file 'foo.png'
 end
@@ -1801,7 +1934,7 @@ end
 
 It also takes options:
 
-``` ruby
+```ruby
 send_file 'foo.png', :type => :jpg
 ```
 
@@ -1809,8 +1942,8 @@ The options are:
 
 <dl>
   <dt>filename</dt>
-    <dd>File name to be used in the response, defaults to the real file name.</dd>
-
+    <dd>File name to be used in the response,
+    defaults to the real file name.</dd>
   <dt>last_modified</dt>
     <dd>Value for Last-Modified header, defaults to the file's mtime.</dd>
 
@@ -1829,20 +1962,19 @@ The options are:
 
   <dt>status</dt>
     <dd>
-      Status code to be sent. Useful when sending a static file as an error page.
-
-      If supported by the Rack handler, other means than streaming from the Ruby
-      process will be used. If you use this helper method, Sinatra will
-      automatically handle range requests.
+      Status code to be sent. Useful when sending a static file as an error
+      page. If supported by the Rack handler, other means than streaming
+      from the Ruby process will be used. If you use this helper method,
+      Sinatra will automatically handle range requests.
     </dd>
 </dl>
 
 ### Accessing the Request Object
 
-The incoming request object can be accessed from request level (filter, routes,
-error handlers) through the `request` method:
+The incoming request object can be accessed from request level (filter,
+routes, error handlers) through the `request` method:
 
-``` ruby
+```ruby
 # app running on http://example.com/example
 get '/foo' do
   t = %w[text/css text/html application/javascript]
@@ -1877,7 +2009,7 @@ end
 
 Some options, like `script_name` or `path_info`, can also be written:
 
-``` ruby
+```ruby
 before { request.path_info = "/" }
 
 get "/" do
@@ -1887,7 +2019,7 @@ end
 
 The `request.body` is an IO or StringIO object:
 
-``` ruby
+```ruby
 post "/api" do
   request.body.rewind  # in case someone already read it
   data = JSON.parse request.body.read
@@ -1897,10 +2029,10 @@ end
 
 ### Attachments
 
-You can use the `attachment` helper to tell the browser the response should be
-stored on disk rather than displayed in the browser:
+You can use the `attachment` helper to tell the browser the response should
+be stored on disk rather than displayed in the browser:
 
-``` ruby
+```ruby
 get '/' do
   attachment
   "store it!"
@@ -1909,7 +2041,7 @@ end
 
 You can also pass it a file name:
 
-``` ruby
+```ruby
 get '/' do
   attachment "info.txt"
   "store it!"
@@ -1918,21 +2050,22 @@ end
 
 ### Dealing with Date and Time
 
-Sinatra offers a `time_for` helper method that generates a Time object from the
-given value. It is also able to convert `DateTime`, `Date` and similar classes:
+Sinatra offers a `time_for` helper method that generates a Time object from
+the given value. It is also able to convert `DateTime`, `Date` and similar
+classes:
 
-``` ruby
+```ruby
 get '/' do
-  pass if Time.now > time_for('Dec 23, 2012')
+  pass if Time.now > time_for('Dec 23, 2016')
   "still time"
 end
 ```
 
-This method is used internally by `expires`, `last_modified` and akin. You can
-therefore easily extend the behavior of those methods by overriding `time_for`
-in your application:
+This method is used internally by `expires`, `last_modified` and akin. You
+can therefore easily extend the behavior of those methods by overriding
+`time_for` in your application:
 
-``` ruby
+```ruby
 helpers do
   def time_for(value)
     case value
@@ -1954,17 +2087,17 @@ end
 
 The `find_template` helper is used to find template files for rendering:
 
-``` ruby
+```ruby
 find_template settings.views, 'foo', Tilt[:haml] do |file|
   puts "could be #{file}"
 end
 ```
 
-This is not really useful. But it is useful that you can actually override this
-method to hook in your own lookup mechanism. For instance, if you want to be
-able to use more than one view directory:
+This is not really useful. But it is useful that you can actually override
+this method to hook in your own lookup mechanism. For instance, if you want
+to be able to use more than one view directory:
 
-``` ruby
+```ruby
 set :views, ['views', 'templates']
 
 helpers do
@@ -1976,7 +2109,7 @@ end
 
 Another example would be using different directories for different engines:
 
-``` ruby
+```ruby
 set :views, :sass => 'views/sass', :haml => 'templates', :default => 'views'
 
 helpers do
@@ -1991,17 +2124,17 @@ end
 You can also easily wrap this up in an extension and share with others!
 
 Note that `find_template` does not check if the file really exists but
-rather calls the given block for all possible paths. This is not a performance
-issue, since `render` will use `break` as soon as a file is found. Also,
-template locations (and content) will be cached if you are not running in
-development mode. You should keep that in mind if you write a really crazy
-method.
+rather calls the given block for all possible paths. This is not a
+performance issue, since `render` will use `break` as soon as a file is
+found. Also, template locations (and content) will be cached if you are not
+running in development mode. You should keep that in mind if you write a
+really crazy method.
 
 ## Configuration
 
 Run once, at startup, in any environment:
 
-``` ruby
+```ruby
 configure do
   # setting one option
   set :option, 'value'
@@ -2020,10 +2153,10 @@ configure do
 end
 ```
 
-Run only when the environment (`RACK_ENV` environment variable) is set to
+Run only when the environment (`APP_ENV` environment variable) is set to
 `:production`:
 
-``` ruby
+```ruby
 configure :production do
   ...
 end
@@ -2039,7 +2172,7 @@ end
 
 You can access those options via `settings`:
 
-``` ruby
+```ruby
 configure do
   set :foo, 'bar'
 end
@@ -2054,33 +2187,33 @@ end
 ### Configuring attack protection
 
 Sinatra is using
-[Rack::Protection](https://github.com/rkh/rack-protection#readme) to defend
-your application against common, opportunistic attacks. You can easily disable
-this behavior (which will open up your application to tons of common
-vulnerabilities):
+[Rack::Protection](https://github.com/sinatra/rack-protection#readme) to
+defend your application against common, opportunistic attacks. You can
+easily disable this behavior (which will open up your application to tons
+of common vulnerabilities):
 
-``` ruby
+```ruby
 disable :protection
 ```
 
 To skip a single defense layer, set `protection` to an options hash:
 
-``` ruby
+```ruby
 set :protection, :except => :path_traversal
 ```
 You can also hand in an array in order to disable a list of protections:
 
-``` ruby
+```ruby
 set :protection, :except => [:path_traversal, :session_hijacking]
 ```
 
 By default, Sinatra will only set up session based protection if `:sessions`
-has been enabled. Sometimes you want to set up sessions on your own, though. In
-that case you can get it to set up session based protections by passing the
-`:session` option:
+have been enabled. See 'Using Sessions'. Sometimes you may want to set up
+sessions "outside" of the Sinatra app, such as in the config.ru or with a
+separate `Rack::Builder` instance. In that case you can still set up session
+based protection by passing the `:session` option:
 
-``` ruby
-use Rack::Session::Pool
+```ruby
 set :protection, :session => true
 ```
 
@@ -2088,197 +2221,224 @@ set :protection, :session => true
 
 <dl>
   <dt>absolute_redirects</dt>
-  <dd>
-    If disabled, Sinatra will allow relative redirects, however, Sinatra will no
-    longer conform with RFC 2616 (HTTP 1.1), which only allows absolute redirects.
-  </dd>
-  <dd>
-    Enable if your app is running behind a reverse proxy that has not been set up
-    properly. Note that the <tt>url</tt> helper will still produce absolute URLs, unless you
-    pass in <tt>false</tt> as the second parameter.
-  </dd>
-  <dd>Disabled by default.</dd>
+    <dd>
+      If disabled, Sinatra will allow relative redirects, however, Sinatra
+      will no longer conform with RFC 2616 (HTTP 1.1), which only allows
+      absolute redirects.
+    </dd>
+    <dd>
+      Enable if your app is running behind a reverse proxy that has not been
+      set up properly. Note that the <tt>url</tt> helper will still produce
+      absolute URLs, unless you pass in <tt>false</tt> as the second
+      parameter.
+    </dd>
+    <dd>Disabled by default.</dd>
 
   <dt>add_charset</dt>
-  <dd>
-    Mime types the <tt>content_type</tt> helper will automatically add the charset info to.
-    You should add to it rather than overriding this option:
-    <tt>settings.add_charset << "application/foobar"</tt>
-  </dd>
+    <dd>
+      Mime types the <tt>content_type</tt> helper will automatically add the
+      charset info to. You should add to it rather than overriding this
+      option: <tt>settings.add_charset << "application/foobar"</tt>
+    </dd>
 
   <dt>app_file</dt>
-  <dd>
-    Path to the main application file, used to detect project root, views and public
-    folder and inline templates.
-  </dd>
+    <dd>
+      Path to the main application file, used to detect project root, views
+      and public folder and inline templates.
+    </dd>
 
   <dt>bind</dt>
-  <dd>IP address to bind to (default: <tt>0.0.0.0</tt> <em>or</em>
-  <tt>localhost</tt> if your `environment` is set to development). Only used
-  for built-in server.</dd>
+    <dd>
+      IP address to bind to (default: <tt>0.0.0.0</tt> <em>or</em>
+      <tt>localhost</tt> if your `environment` is set to development). Only
+      used for built-in server.
+    </dd>
 
   <dt>default_encoding</dt>
-  <dd>Encoding to assume if unknown (defaults to <tt>"utf-8"</tt>).</dd>
+    <dd>Encoding to assume if unknown (defaults to <tt>"utf-8"</tt>).</dd>
 
   <dt>dump_errors</dt>
-  <dd>Display errors in the log.</dd>
+    <dd>Display errors in the log.</dd>
 
   <dt>environment</dt>
-  <dd>
-    Current environment. Defaults to <tt>ENV['RACK_ENV']</tt>, or
-    <tt>"development"</tt> if not available.
-  </dd>
+    <dd>
+      Current environment. Defaults to <tt>ENV['APP_ENV']</tt>, or
+      <tt>"development"</tt> if not available.
+    </dd>
 
   <dt>logging</dt>
-  <dd>Use the logger.</dd>
+    <dd>Use the logger.</dd>
 
   <dt>lock</dt>
-  <dd>
-    Places a lock around every request, only running processing on request
-    per Ruby process concurrently.
-  </dd>
-  <dd>Enabled if your app is not thread-safe. Disabled per default.</dd>
+    <dd>
+      Places a lock around every request, only running processing on request
+      per Ruby process concurrently.
+    </dd>
+    <dd>Enabled if your app is not thread-safe. Disabled by default.</dd>
 
   <dt>method_override</dt>
+    <dd>
+      Use <tt>_method</tt> magic to allow put/delete forms in browsers that
+      don't support it.
+    </dd>
+
+  <dt>mustermann_opts</dt>
   <dd>
-    Use <tt>_method</tt> magic to allow put/delete forms in browsers that
-    don't support it.
+    A default hash of options to pass to Mustermann.new when compiling routing
+    paths.
   </dd>
 
   <dt>port</dt>
-  <dd>Port to listen on. Only used for built-in server.</dd>
+    <dd>Port to listen on. Only used for built-in server.</dd>
 
   <dt>prefixed_redirects</dt>
-  <dd>
-    Whether or not to insert <tt>request.script_name</tt> into redirects if no
-    absolute path is given. That way <tt>redirect '/foo'</tt> would behave like
-    <tt>redirect to('/foo')</tt>. Disabled per default.
-  </dd>
+    <dd>
+      Whether or not to insert <tt>request.script_name</tt> into redirects
+      if no absolute path is given. That way <tt>redirect '/foo'</tt> would
+        behave like <tt>redirect to('/foo')</tt>. Disabled by default.
+    </dd>
 
   <dt>protection</dt>
-  <dd>Whether or not to enable web attack protections. See protection section
-  above.</dd>
+    <dd>
+      Whether or not to enable web attack protections. See protection section
+      above.
+    </dd>
 
   <dt>public_dir</dt>
-  <dd>Alias for <tt>public_folder</tt>. See below.</dd>
+    <dd>Alias for <tt>public_folder</tt>. See below.</dd>
 
   <dt>public_folder</dt>
-  <dd>
-    Path to the folder public files are served from. Only used if static
-    file serving is enabled (see <tt>static</tt> setting below). Inferred from
-    <tt>app_file</tt> setting if not set.
-  </dd>
+    <dd>
+      Path to the folder public files are served from. Only used if static
+      file serving is enabled (see <tt>static</tt> setting below). Inferred
+      from <tt>app_file</tt> setting if not set.
+    </dd>
+
+  <dt>quiet</dt>
+    <dd>
+      Disables logs generated by Sinatra's start and stop commands.
+      <tt>false</tt> by default.
+    </dd>
 
   <dt>reload_templates</dt>
-  <dd>
-    Whether or not to reload templates between requests. Enabled in development
-    mode.
-  </dd>
+    <dd>
+      Whether or not to reload templates between requests. Enabled in
+      development mode.
+    </dd>
 
   <dt>root</dt>
-  <dd>
-    Path to project root folder. Inferred from <tt>app_file</tt> setting if not
-    set.
-  </dd>
+    <dd>
+      Path to project root folder. Inferred from <tt>app_file</tt> setting
+      if not set.
+    </dd>
 
   <dt>raise_errors</dt>
-  <dd>
-    Raise exceptions (will stop application). Enabled by default when
-    <tt>environment</tt> is set to <tt>"test"</tt>, disabled otherwise.
-  </dd>
+    <dd>
+      Raise exceptions (will stop application). Enabled by default when
+      <tt>environment</tt> is set to <tt>"test"</tt>, disabled otherwise.
+    </dd>
 
   <dt>run</dt>
-  <dd>
-    If enabled, Sinatra will handle starting the web server. Do not
-    enable if using rackup or other means.
-  </dd>
+    <dd>
+      If enabled, Sinatra will handle starting the web server. Do not
+      enable if using rackup or other means.
+    </dd>
 
   <dt>running</dt>
-  <dd>Is the built-in server running now? Do not change this setting!</dd>
+    <dd>Is the built-in server running now? Do not change this setting!</dd>
 
   <dt>server</dt>
-  <dd>
-    Server or list of servers to use for built-in server. Order indicates
-    priority, default depends on Ruby implementation.
-  </dd>
+    <dd>
+      Server or list of servers to use for built-in server. Order indicates
+      priority, default depends on Ruby implementation.
+    </dd>
 
   <dt>sessions</dt>
-  <dd>
-    Enable cookie-based sessions support using <tt>Rack::Session::Cookie</tt>.
-    See 'Using Sessions' section for more information.
-  </dd>
+    <dd>
+      Enable cookie-based sessions support using
+      <tt>Rack::Session::Cookie</tt>. See 'Using Sessions' section for more
+      information.
+    </dd>
+
+  <dt>session_store</dt>
+    <dd>
+      The Rack session middleware used. Defaults to
+      <tt>Rack::Session::Cookie</tt>. See 'Using Sessions' section for more
+      information.
+    </dd>
 
   <dt>show_exceptions</dt>
-  <dd>
-    Show a stack trace in the browser when an exception happens. Enabled by
-    default when <tt>environment</tt> is set to <tt>"development"</tt>,
-    disabled otherwise.
-  </dd>
-  <dd>
-    Can also be set to <tt>:after_handler</tt> to trigger app-specified error
-    handling before showing a stack trace in the browser.
-  </dd>
+    <dd>
+      Show a stack trace in the browser when an exception happens. Enabled by
+      default when <tt>environment</tt> is set to <tt>"development"</tt>,
+      disabled otherwise.
+    </dd>
+    <dd>
+      Can also be set to <tt>:after_handler</tt> to trigger app-specified
+      error handling before showing a stack trace in the browser.
+    </dd>
 
   <dt>static</dt>
-  <dd>Whether Sinatra should handle serving static files.</dd>
-  <dd>Disable when using a server able to do this on its own.</dd>
-  <dd>Disabling will boost performance.</dd>
-  <dd>
-    Enabled per default in classic style, disabled for modular apps.
-  </dd>
+    <dd>Whether Sinatra should handle serving static files.</dd>
+    <dd>Disable when using a server able to do this on its own.</dd>
+    <dd>Disabling will boost performance.</dd>
+    <dd>
+      Enabled by default in classic style, disabled for modular apps.
+    </dd>
 
   <dt>static_cache_control</dt>
-  <dd>
-    When Sinatra is serving static files, set this to add <tt>Cache-Control</tt>
-    headers to the responses. Uses the <tt>cache_control</tt> helper. Disabled
-    by default.
-  </dd>
-  <dd>
-    Use an explicit array when setting multiple values:
-    <tt>set :static_cache_control, [:public, :max_age => 300]</tt>
-  </dd>
+    <dd>
+      When Sinatra is serving static files, set this to add
+      <tt>Cache-Control</tt> headers to the responses. Uses the
+      <tt>cache_control</tt> helper. Disabled by default.
+    </dd>
+    <dd>
+      Use an explicit array when setting multiple values:
+      <tt>set :static_cache_control, [:public, :max_age => 300]</tt>
+    </dd>
 
   <dt>threaded</dt>
-  <dd>
-    If set to <tt>true</tt>, will tell Thin to use <tt>EventMachine.defer</tt>
-    for processing the request.
-  </dd>
+    <dd>
+      If set to <tt>true</tt>, will tell Thin to use
+      <tt>EventMachine.defer</tt> for processing the request.
+    </dd>
 
   <dt>traps</dt>
-  <dd>Whether Sinatra should handle system signals.</dd>
+    <dd>Whether Sinatra should handle system signals.</dd>
 
   <dt>views</dt>
-  <dd>
-    Path to the views folder. Inferred from <tt>app_file</tt> setting if
-    not set.
-  </dd>
+    <dd>
+      Path to the views folder. Inferred from <tt>app_file</tt> setting if
+      not set.
+    </dd>
 
   <dt>x_cascade</dt>
-  <dd>
-    Whether or not to set the X-Cascade header if no route matches.
-    Defaults to <tt>true</tt>.
-  </dd>
+    <dd>
+      Whether or not to set the X-Cascade header if no route matches.
+      Defaults to <tt>true</tt>.
+    </dd>
 </dl>
 
 ## Environments
 
-There are three predefined `environments`: `"development"`, `"production"` and
-`"test"`. Environments can be set through the `RACK_ENV` environment variable.
-The default value is `"development"`. In the `"development"` environment all
-templates are reloaded between requests, and special `not_found` and `error`
-handlers display stack traces in your browser. In the `"production"` and
-`"test"` environments, templates are cached by default.
+There are three predefined `environments`: `"development"`,
+`"production"` and `"test"`. Environments can be set through the
+`APP_ENV` environment variable. The default value is `"development"`.
+In the `"development"` environment all templates are reloaded between
+requests, and special `not_found` and `error` handlers display stack
+traces in your browser. In the `"production"` and `"test"` environments,
+templates are cached by default.
 
-To run different environments, set the `RACK_ENV` environment variable:
+To run different environments, set the `APP_ENV` environment variable:
 
-``` shell
-RACK_ENV=production ruby my_app.rb
+```shell
+APP_ENV=production ruby my_app.rb
 ```
 
 You can use predefined methods: `development?`, `test?` and `production?` to
 check the current environment setting:
 
-``` ruby
+```ruby
 get '/' do
   if settings.development?
     "development!"
@@ -2290,16 +2450,16 @@ end
 
 ## Error Handling
 
-Error handlers run within the same context as routes and before filters, which
-means you get all the goodies it has to offer, like `haml`,
-`erb`, `halt`, etc.
+Error handlers run within the same context as routes and before filters,
+which means you get all the goodies it has to offer, like `haml`, `erb`,
+`halt`, etc.
 
 ### Not Found
 
 When a `Sinatra::NotFound` exception is raised, or the response's status
 code is 404, the `not_found` handler is invoked:
 
-``` ruby
+```ruby
 not_found do
   'This is nowhere to be found.'
 end
@@ -2317,7 +2477,7 @@ set :show_exceptions, :after_handler
 
 The exception object can be obtained from the `sinatra.error` Rack variable:
 
-``` ruby
+```ruby
 error do
   'Sorry there was a nasty error - ' + env['sinatra.error'].message
 end
@@ -2325,7 +2485,7 @@ end
 
 Custom errors:
 
-``` ruby
+```ruby
 error MyCustomError do
   'So what happened was...' + env['sinatra.error'].message
 end
@@ -2333,7 +2493,7 @@ end
 
 Then, if this happens:
 
-``` ruby
+```ruby
 get '/' do
   raise MyCustomError, 'something bad'
 end
@@ -2347,7 +2507,7 @@ So what happened was... something bad
 
 Alternatively, you can install an error handler for a status code:
 
-``` ruby
+```ruby
 error 403 do
   'Access forbidden'
 end
@@ -2359,7 +2519,7 @@ end
 
 Or a range:
 
-``` ruby
+```ruby
 error 400..510 do
   'Boom'
 end
@@ -2372,15 +2532,16 @@ and additional debugging information in your browser.
 ## Rack Middleware
 
 Sinatra rides on [Rack](http://rack.github.io/), a minimal standard
-interface for Ruby web frameworks. One of Rack's most interesting capabilities
-for application developers is support for "middleware" -- components that sit
-between the server and your application monitoring and/or manipulating the
-HTTP request/response to provide various types of common functionality.
+interface for Ruby web frameworks. One of Rack's most interesting
+capabilities for application developers is support for "middleware" --
+components that sit between the server and your application monitoring
+and/or manipulating the HTTP request/response to provide various types
+of common functionality.
 
 Sinatra makes building Rack middleware pipelines a cinch via a top-level
 `use` method:
 
-``` ruby
+```ruby
 require 'sinatra'
 require 'my_custom_middleware'
 
@@ -2393,11 +2554,11 @@ end
 ```
 
 The semantics of `use` are identical to those defined for the
-[Rack::Builder](http://rubydoc.info/github/rack/rack/master/Rack/Builder) DSL
+[Rack::Builder](http://www.rubydoc.info/github/rack/rack/master/Rack/Builder) DSL
 (most frequently used from rackup files). For example, the `use` method
 accepts multiple/variable args as well as blocks:
 
-``` ruby
+```ruby
 use Rack::Auth::Basic do |username, password|
   username == 'admin' && password == 'secret'
 end
@@ -2415,11 +2576,12 @@ or in the [Rack wiki](https://github.com/rack/rack/wiki/List-of-Middleware).
 
 ## Testing
 
-Sinatra tests can be written using any Rack-based testing library or framework.
-[Rack::Test](http://rdoc.info/github/brynary/rack-test/master/frames)
+Sinatra tests can be written using any Rack-based testing library or
+framework.
+[Rack::Test](http://www.rubydoc.info/github/brynary/rack-test/master/frames)
 is recommended:
 
-``` ruby
+```ruby
 require 'my_sinatra_app'
 require 'minitest/autorun'
 require 'rack/test'
@@ -2441,7 +2603,7 @@ class MyAppTest < Minitest::Test
     assert_equal 'Hello Frank!', last_response.body
   end
 
-  def test_with_rack_env
+  def test_with_user_agent
     get '/', {}, 'HTTP_USER_AGENT' => 'Songbird'
     assert_equal "You're using Songbird!", last_response.body
   end
@@ -2461,7 +2623,7 @@ Sinatra extensions. The top-level assumes a micro-app style configuration
 directories, logging, exception detail page, etc.). That's where
 `Sinatra::Base` comes into play:
 
-``` ruby
+```ruby
 require 'sinatra/base'
 
 class MyApp < Sinatra::Base
@@ -2474,9 +2636,9 @@ class MyApp < Sinatra::Base
 end
 ```
 
-The methods available to `Sinatra::Base` subclasses are exactly the same as
-those available via the top-level DSL. Most top-level apps can be converted to
-`Sinatra::Base` components with two modifications:
+The methods available to `Sinatra::Base` subclasses are exactly the same
+as those available via the top-level DSL. Most top-level apps can be
+converted to `Sinatra::Base` components with two modifications:
 
 * Your file should require `sinatra/base` instead of `sinatra`;
   otherwise, all of Sinatra's DSL methods are imported into the main
@@ -2485,14 +2647,13 @@ those available via the top-level DSL. Most top-level apps can be converted to
   of `Sinatra::Base`.
 
 `Sinatra::Base` is a blank slate. Most options are disabled by default,
-including the built-in server. See
-[Configuring Settings](http://sinatra.github.com/configuration.html)
-for details on available options and their behavior. If you want
-behavior more similar to when you define your app at the top level (also
-known as Classic style), you
-can subclass `Sinatra::Application`.
-
-``` ruby
+including the built-in server. See [Configuring
+Settings](http://www.sinatrarb.com/configuration.html) for details on
+available options and their behavior. If you want behavior more similar
+to when you define your app at the top level (also known as Classic
+style), you can subclass `Sinatra::Application`:
+
+```ruby
 require 'sinatra/base'
 
 class MyApp < Sinatra::Application
@@ -2504,16 +2665,17 @@ end
 
 ### Modular vs. Classic Style
 
-Contrary to common belief, there is nothing wrong with the classic style. If it
-suits your application, you do not have to switch to a modular application.
+Contrary to common belief, there is nothing wrong with the classic
+style. If it suits your application, you do not have to switch to a
+modular application.
 
-The main disadvantage of using the classic style rather than the modular style
-is that you will only have one Sinatra application per Ruby process. If you
-plan to use more than one, switch to the modular style. There is no reason you
-cannot mix the modular and the classic styles.
+The main disadvantage of using the classic style rather than the modular
+style is that you will only have one Sinatra application per Ruby
+process. If you plan to use more than one, switch to the modular style.
+There is no reason you cannot mix the modular and the classic styles.
 
-If switching from one style to the other, you should be aware of slightly
-different default settings:
+If switching from one style to the other, you should be aware of
+slightly different default settings:
 
 <table>
   <tr>
@@ -2561,17 +2723,17 @@ different default settings:
   <tr>
     <td>static</td>
     <td>true</td>
-    <td>false</td>
+    <td>File.exist?(public_folder)</td>
     <td>true</td>
   </tr>
 </table>
 
 ### Serving a Modular Application
 
-There are two common options for starting a modular app, actively starting with
-`run!`:
+There are two common options for starting a modular app, actively
+starting with `run!`:
 
-``` ruby
+```ruby
 # my_app.rb
 require 'sinatra/base'
 
@@ -2585,13 +2747,13 @@ end
 
 Start with:
 
-``` shell
+```shell
 ruby my_app.rb
 ```
 
 Or with a `config.ru` file, which allows using any Rack handler:
 
-``` ruby
+```ruby
 # config.ru (run with rackup)
 require './my_app'
 run MyApp
@@ -2599,7 +2761,7 @@ run MyApp
 
 Run:
 
-``` shell
+```shell
 rackup -p 4567
 ```
 
@@ -2607,7 +2769,7 @@ rackup -p 4567
 
 Write your app file:
 
-``` ruby
+```ruby
 # app.rb
 require 'sinatra'
 
@@ -2618,7 +2780,7 @@ end
 
 And a corresponding `config.ru`:
 
-``` ruby
+```ruby
 require './app'
 run Sinatra::Application
 ```
@@ -2632,18 +2794,18 @@ A `config.ru` file is recommended if:
 * You want to use more than one subclass of `Sinatra::Base`.
 * You want to use Sinatra only for middleware, and not as an endpoint.
 
-**There is no need to switch to a `config.ru` simply because you switched to
-the modular style, and you don't have to use the modular style for running with
-a `config.ru`.**
+**There is no need to switch to a `config.ru` simply because you
+switched to the modular style, and you don't have to use the modular
+style for running with a `config.ru`.**
 
 ### Using Sinatra as Middleware
 
-Not only is Sinatra able to use other Rack middleware, any Sinatra application
-can in turn be added in front of any Rack endpoint as middleware itself. This
-endpoint could be another Sinatra application, or any other Rack-based
-application (Rails/Ramaze/Camping/...):
+Not only is Sinatra able to use other Rack middleware, any Sinatra
+application can in turn be added in front of any Rack endpoint as
+middleware itself. This endpoint could be another Sinatra application,
+or any other Rack-based application (Rails/Hanami/Roda/...):
 
-``` ruby
+```ruby
 require 'sinatra/base'
 
 class LoginScreen < Sinatra::Base
@@ -2679,7 +2841,7 @@ end
 Sometimes you want to create new applications at runtime without having to
 assign them to a constant. You can do this with `Sinatra.new`:
 
-``` ruby
+```ruby
 require 'sinatra/base'
 my_app = Sinatra.new { get('/') { "hi" } }
 my_app.run!
@@ -2710,7 +2872,7 @@ your own library.
 
 This also makes using Sinatra as middleware extremely easy:
 
-``` ruby
+```ruby
 require 'sinatra/base'
 
 use Sinatra do
@@ -2730,13 +2892,13 @@ available.
 Every Sinatra application corresponds to a subclass of `Sinatra::Base`.
 If you are using the top-level DSL (`require 'sinatra'`), then this
 class is `Sinatra::Application`, otherwise it is the subclass you
-created explicitly. At class level you have methods like `get` or `before`, but
-you cannot access the `request` or `session` objects, as there is only a
-single application class for all requests.
+created explicitly. At class level you have methods like `get` or
+`before`, but you cannot access the `request` or `session` objects, as
+there is only a single application class for all requests.
 
 Options created via `set` are methods at class level:
 
-``` ruby
+```ruby
 class MyApp < Sinatra::Base
   # Hey, I'm in the application scope!
   set :foo, 42
@@ -2769,7 +2931,7 @@ can access the `request` and `session` objects or call rendering methods like
 `erb` or `haml`. You can access the application scope from within the request
 scope via the `settings` helper:
 
-``` ruby
+```ruby
 class MyApp < Sinatra::Base
   # Hey, I'm in the application scope!
   get '/define_route/:name' do
@@ -2788,7 +2950,7 @@ end
 
 You have the request scope binding inside:
 
-* get, head, post, put, delete, options, patch, link, and unlink blocks
+* get, head, post, put, delete, options, patch, link and unlink blocks
 * before and after filters
 * helper methods
 * templates/views
@@ -2815,8 +2977,8 @@ being [extending the main object](https://github.com/sinatra/sinatra/blob/ca0636
 
 Sinatra applications can be run directly:
 
-``` shell
-ruby myapp.rb [-h] [-x] [-e ENVIRONMENT] [-p PORT] [-o HOST] [-s HANDLER]
+```shell
+ruby myapp.rb [-h] [-x] [-q] [-e ENVIRONMENT] [-p PORT] [-o HOST] [-s HANDLER]
 ```
 
 Options are:
@@ -2827,38 +2989,54 @@ Options are:
 -o # set the host (default is 0.0.0.0)
 -e # set the environment (default is development)
 -s # specify rack server/handler (default is thin)
+-q # turn on quiet mode for server (default is off)
 -x # turn on the mutex lock (default is off)
 ```
 
-## Requirement
+### Multi-threading
 
-The following Ruby versions are officially supported:
-<dl>
-  <dt>Ruby 1.8.7</dt>
-  <dd>
-    1.8.7 is fully supported, however, if nothing is keeping you from it, we
-    recommend upgrading or switching to JRuby or Rubinius. Support for 1.8.7
-    will not be dropped before Sinatra 2.0. Ruby 1.8.6 is no longer supported.
-  </dd>
+_Paraphrasing from [this StackOverflow answer][so-answer] by Konstantin_
 
-  <dt>Ruby 1.9.2</dt>
-  <dd>
-    1.9.2 is fully supported. Do not use 1.9.2p0, as it is known to cause
-    segmentation faults when running Sinatra. Official support will continue
-    at least until the release of Sinatra 1.5.
-  </dd>
+Sinatra doesn't impose any concurrency model, but leaves that to the
+underlying Rack handler (server) like Thin, Puma or WEBrick. Sinatra
+itself is thread-safe, so there won't be any problem if the Rack handler
+uses a threaded model of concurrency. This would mean that when starting
+the server, you'd have to specify the correct invocation method for the
+specific Rack handler. The following example is a demonstration of how
+to start a multi-threaded Thin server:
 
-  <dt>Ruby 1.9.3</dt>
-  <dd>
-    1.9.3 is fully supported and recommended. Please note that switching to 1.9.3
-    from an earlier version will invalidate all sessions. 1.9.3 will be supported
-    until the release of Sinatra 2.0.
-  </dd>
+```ruby
+# app.rb
+
+require 'sinatra/base'
+
+class App < Sinatra::Base
+  get '/' do
+    "Hello, World"
+  end
+end
+
+App.run!
+
+```
+
+To start the server, the command would be:
+
+```shell
+thin --threaded start
+```
 
-  <dt>Ruby 2.x</dt>
+
+[so-answer]: http://stackoverflow.com/questions/6278817/is-sinatra-multi-threaded/6282999#6282999)
+
+## Requirement
+
+The following Ruby versions are officially supported:
+<dl>
+  <dt>Ruby 2.2</dt>
   <dd>
-    2.x is fully supported and recommended. There are currently no plans to drop
-    official support for it.
+    2.2 is fully supported and recommended. There are currently no plans to
+    drop official support for it.
   </dd>
 
   <dt>Rubinius</dt>
@@ -2875,6 +3053,8 @@ The following Ruby versions are officially supported:
   </dd>
 </dl>
 
+Versions of Ruby prior to 2.2.2 are no longer supported as of Sinatra 2.0.
+
 We also keep an eye on upcoming Ruby versions.
 
 The following Ruby implementations are not officially supported but still are
@@ -2888,9 +3068,9 @@ known to run Sinatra:
 Not being officially supported means if things only break there and not on a
 supported platform, we assume it's not our issue but theirs.
 
-We also run our CI against ruby-head (future releases of MRI), but we can't
-guarantee anything, since it is constantly moving. Expect upcoming 2.x releases
-to be fully supported.
+We also run our CI against ruby-head (future releases of MRI), but we
+can't guarantee anything, since it is constantly moving. Expect upcoming
+2.x releases to be fully supported.
 
 Sinatra should work on any operating system supported by the chosen Ruby
 implementation.
@@ -2898,16 +3078,17 @@ implementation.
 If you run MacRuby, you should `gem install control_tower`.
 
 Sinatra currently doesn't run on Cardinal, SmallRuby, BlueRuby or any
-Ruby version prior to 1.8.7.
+Ruby version prior to 2.2.
 
 ## The Bleeding Edge
 
-If you would like to use Sinatra's latest bleeding-edge code, feel free to run your
-application against the master branch, it should be rather stable.
+If you would like to use Sinatra's latest bleeding-edge code, feel free
+to run your application against the master branch, it should be rather
+stable.
 
 We also push out prerelease gems from time to time, so you can do a
 
-``` shell
+```shell
 gem install sinatra --pre
 ```
 
@@ -2916,11 +3097,11 @@ to get some of the latest features.
 ### With Bundler
 
 If you want to run your application with the latest Sinatra, using
-[Bundler](http://gembundler.com/) is the recommended way.
+[Bundler](http://bundler.io) is the recommended way.
 
 First, install bundler, if you haven't:
 
-``` shell
+```shell
 gem install bundler
 ```
 
@@ -2928,58 +3109,22 @@ Then, in your project directory, create a `Gemfile`:
 
 ```ruby
 source 'https://rubygems.org'
-gem 'sinatra', :github => "sinatra/sinatra"
+gem 'sinatra', :github => 'sinatra/sinatra'
 
 # other dependencies
 gem 'haml'                    # for instance, if you use haml
-gem 'activerecord', '~> 3.0'  # maybe you also need ActiveRecord 3.x
 ```
 
-Note that you will have to list all your application's dependencies in the `Gemfile`.
-Sinatra's direct dependencies (Rack and Tilt) will, however, be automatically
-fetched and added by Bundler.
+Note that you will have to list all your application's dependencies in
+the `Gemfile`. Sinatra's direct dependencies (Rack and Tilt) will,
+however, be automatically fetched and added by Bundler.
 
 Now you can run your app like this:
 
-``` shell
+```shell
 bundle exec ruby myapp.rb
 ```
 
-### Roll Your Own
-
-Create a local clone and run your app with the `sinatra/lib` directory
-on the `$LOAD_PATH`:
-
-``` shell
-cd myapp
-git clone git://github.com/sinatra/sinatra.git
-ruby -I sinatra/lib myapp.rb
-```
-
-To update the Sinatra sources in the future:
-
-``` shell
-cd myapp/sinatra
-git pull
-```
-
-### Install Globally
-
-You can build the gem on your own:
-
-``` shell
-git clone git://github.com/sinatra/sinatra.git
-cd sinatra
-rake sinatra.gemspec
-rake install
-```
-
-If you install gems as root, the last step should be:
-
-``` shell
-sudo rake install
-```
-
 ## Versioning
 
 Sinatra follows [Semantic Versioning](http://semver.org/), both SemVer and
@@ -2991,14 +3136,16 @@ SemVerTag.
   news, and links to other resources.
 * [Contributing](http://www.sinatrarb.com/contributing) - Find a bug? Need
   help? Have a patch?
-* [Issue tracker](http://github.com/sinatra/sinatra/issues)
-* [Twitter](http://twitter.com/sinatra)
+* [Issue tracker](https://github.com/sinatra/sinatra/issues)
+* [Twitter](https://twitter.com/sinatra)
 * [Mailing List](http://groups.google.com/group/sinatrarb/topics)
 * IRC: [#sinatra](irc://chat.freenode.net/#sinatra) on http://freenode.net
+* [Sinatra & Friends](https://sinatrarb.slack.com) on Slack and see
+  [here](https://sinatra-slack.herokuapp.com/) for an invite.
 * [Sinatra Book](https://github.com/sinatra/sinatra-book/) Cookbook Tutorial
 * [Sinatra Recipes](http://recipes.sinatrarb.com/) Community
   contributed recipes
-* API documentation for the [latest release](http://rubydoc.info/gems/sinatra)
-  or the [current HEAD](http://rubydoc.info/github/sinatra/sinatra) on
-  http://rubydoc.info
-* [CI server](http://travis-ci.org/sinatra/sinatra)
+* API documentation for the [latest release](http://www.rubydoc.info/gems/sinatra)
+  or the [current HEAD](http://www.rubydoc.info/github/sinatra/sinatra) on
+  http://www.rubydoc.info/
+* [CI server](https://travis-ci.org/sinatra/sinatra)