Revert "removing Rack::Runtime from the default stack."

This reverts commit 37423e4ff8.

Jeremy is right that we shouldn't remove this.  The fact is that many
engines are depending on this middleware to be in the default stack.
This ties our hands and forces us to keep the middleware in the stack so
that engines will work.  To be extremely clear, I think this is another
smell of "the rack stack" that we have in place.  When manipulating
middleware, we should have meaningful names for places in the req / res
lifecycle **not** have engines depend on a particular constant be in a
particular place in the stack.  This is a weakness of the API that we
have to figure out a way to address before removing the constant.

As far as timing attacks are concerned, we can reduce the granularity
such that it isn't useful information for hackers, but is still useful
for developers.

guides/source/api_app.md

@@ -188,6 +188,7 @@ An API application comes with the following middlewares by default:
 - `ActiveSupport::Cache::Strategy::LocalCache::Middleware`
 - `ActionDispatch::RequestId`
 - `Rails::Rack::Logger`
+- `Rack::Runtime`
 - `ActionDispatch::ShowExceptions`
 - `ActionDispatch::DebugExceptions`
 - `ActionDispatch::RemoteIp`

guides/source/command_line.md

@@ -412,7 +412,7 @@ Ruby version              2.2.2 (x86_64-linux)
 RubyGems version          2.4.6
 Rack version              1.6
 JavaScript Runtime        Node.js (V8)
-Middleware                Rack::Sendfile, ActionDispatch::Static, Rack::Lock, #<ActiveSupport::Cache::Strategy::LocalCache::Middleware:0x007ffd131a7c88>, Rack::MethodOverride, ActionDispatch::RequestId, Rails::Rack::Logger, ActionDispatch::ShowExceptions, ActionDispatch::DebugExceptions, ActionDispatch::RemoteIp, ActionDispatch::Reloader, ActionDispatch::Callbacks, ActiveRecord::Migration::CheckPending, ActiveRecord::ConnectionAdapters::ConnectionManagement, ActiveRecord::QueryCache, ActionDispatch::Cookies, ActionDispatch::Session::CookieStore, ActionDispatch::Flash, Rack::Head, Rack::ConditionalGet, Rack::ETag
+Middleware                Rack::Sendfile, ActionDispatch::Static, Rack::Lock, #<ActiveSupport::Cache::Strategy::LocalCache::Middleware:0x007ffd131a7c88>, Rack::Runtime, Rack::MethodOverride, ActionDispatch::RequestId, Rails::Rack::Logger, ActionDispatch::ShowExceptions, ActionDispatch::DebugExceptions, ActionDispatch::RemoteIp, ActionDispatch::Reloader, ActionDispatch::Callbacks, ActiveRecord::Migration::CheckPending, ActiveRecord::ConnectionAdapters::ConnectionManagement, ActiveRecord::QueryCache, ActionDispatch::Cookies, ActionDispatch::Session::CookieStore, ActionDispatch::Flash, Rack::Head, Rack::ConditionalGet, Rack::ETag
 Application root          /home/foobar/commandsapp
 Environment               development
 Database adapter          sqlite3

guides/source/rails_on_rack.md

@@ -106,6 +106,7 @@ use Rack::Sendfile
 use ActionDispatch::Static
 use Rack::Lock
 use #<ActiveSupport::Cache::Strategy::LocalCache::Middleware:0x000000029a0838>
+use Rack::Runtime
 use Rack::MethodOverride
 use ActionDispatch::RequestId
 use Rails::Rack::Logger

railties/CHANGELOG.md

@@ -1,6 +1,3 @@
-*   Removed Rack::Runtime from the default stack.  It can be added back via
-    `config.middleware.use ::Rack::Runtime`.
-
 *   Add fail fast to `bin/rails test`
 
     Adding `--fail-fast` or `-f` when running tests will interrupt the run on

railties/lib/rails/application/bootstrap.rb

@@ -63,7 +63,7 @@ INFO
           Rails.cache = ActiveSupport::Cache.lookup_store(config.cache_store)
 
           if Rails.cache.respond_to?(:middleware)
-            config.middleware.insert_before(::ActionDispatch::RequestId, Rails.cache.middleware)
+            config.middleware.insert_before(::Rack::Runtime, Rails.cache.middleware)
           end
         end
       end

railties/lib/rails/application/default_middleware_stack.rb

@@ -47,6 +47,7 @@ module Rails
             end
           end
 
+          middleware.use ::Rack::Runtime
           middleware.use ::Rack::MethodOverride unless config.api_only
           middleware.use ::ActionDispatch::RequestId
 

railties/test/application/middleware_test.rb

@@ -27,8 +27,9 @@ module ApplicationTests
         "Rack::Sendfile",
         "ActionDispatch::Static",
         "ActionDispatch::LoadInterlock",
-        "Rack::MethodOverride",
         "ActiveSupport::Cache::Strategy::LocalCache",
+        "Rack::Runtime",
+        "Rack::MethodOverride",
         "ActionDispatch::RequestId",
         "Rails::Rack::Logger", # must come after Rack::MethodOverride to properly log overridden methods
         "ActionDispatch::ShowExceptions",
@@ -58,6 +59,7 @@ module ApplicationTests
         "ActionDispatch::Static",
         "ActionDispatch::LoadInterlock",
         "ActiveSupport::Cache::Strategy::LocalCache",
+        "Rack::Runtime",
         "ActionDispatch::RequestId",
         "Rails::Rack::Logger", # must come after Rack::MethodOverride to properly log overridden methods
         "ActionDispatch::ShowExceptions",
@@ -166,19 +168,19 @@ module ApplicationTests
     end
 
     test "can delete a middleware from the stack even if insert_before is added after delete" do
-      add_to_config "config.middleware.delete ActionDispatch::ShowExceptions"
+      add_to_config "config.middleware.delete Rack::Runtime"
-      add_to_config "config.middleware.insert_before(ActionDispatch::ShowExceptions, Rack::Config)"
+      add_to_config "config.middleware.insert_before(Rack::Runtime, Rack::Config)"
       boot!
       assert middleware.include?("Rack::Config")
-      assert_not middleware.include?("ActionDispatch::ShowExceptions")
+      assert_not middleware.include?("Rack::Runtime")
     end
 
     test "can delete a middleware from the stack even if insert_after is added after delete" do
-      add_to_config "config.middleware.delete ActionDispatch::ShowExceptions"
+      add_to_config "config.middleware.delete Rack::Runtime"
-      add_to_config "config.middleware.insert_after(ActionDispatch::ShowExceptions, Rack::Config)"
+      add_to_config "config.middleware.insert_after(Rack::Runtime, Rack::Config)"
       boot!
       assert middleware.include?("Rack::Config")
-      assert_not middleware.include?("ActionDispatch::ShowExceptions")
+      assert_not middleware.include?("Rack::Runtime")
     end
 
     test "includes exceptions middlewares even if action_dispatch.show_exceptions is disabled" do
@@ -216,12 +218,12 @@ module ApplicationTests
     test "Rails.cache does not respond to middleware" do
       add_to_config "config.cache_store = :memory_store"
       boot!
-      assert_equal "Rack::MethodOverride", middleware.fourth
+      assert_equal "Rack::Runtime", middleware.fourth
     end
 
     test "Rails.cache does respond to middleware" do
       boot!
-      assert_equal "ActiveSupport::Cache::Strategy::LocalCache", middleware.fifth
+      assert_equal "Rack::Runtime", middleware.fifth
     end
 
     test "insert middleware before" do