diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index 6c1a730935a..aae54fb34bc 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -512,7 +512,7 @@ module API
     # `request`. We workaround this by defining methods that returns the right
     # values.
     def define_params_for_grape_middleware
-      self.define_singleton_method(:request) { Rack::Request.new(env) }
+      self.define_singleton_method(:request) { ActionDispatch::Request.new(env) }
       self.define_singleton_method(:params) { request.params.symbolize_keys }
     end
 
diff --git a/lib/gitlab/etag_caching/middleware.rb b/lib/gitlab/etag_caching/middleware.rb
index 0341f930b9c..a11d6b66409 100644
--- a/lib/gitlab/etag_caching/middleware.rb
+++ b/lib/gitlab/etag_caching/middleware.rb
@@ -8,7 +8,7 @@ module Gitlab
       end
 
       def call(env)
-        request = Rack::Request.new(env)
+        request = ActionDispatch::Request.new(env)
         route = Gitlab::EtagCaching::Router.match(request.path_info)
         return @app.call(env) unless route
 
diff --git a/lib/gitlab/middleware/basic_health_check.rb b/lib/gitlab/middleware/basic_health_check.rb
index f2a03217098..acf8c301b8f 100644
--- a/lib/gitlab/middleware/basic_health_check.rb
+++ b/lib/gitlab/middleware/basic_health_check.rb
@@ -24,7 +24,7 @@ module Gitlab
       def call(env)
         return @app.call(env) unless env['PATH_INFO'] == HEALTH_PATH
 
-        request = Rack::Request.new(env)
+        request = ActionDispatch::Request.new(env)
 
         return OK_RESPONSE if client_ip_whitelisted?(request)
 
diff --git a/lib/gitlab/middleware/read_only/controller.rb b/lib/gitlab/middleware/read_only/controller.rb
index 89941a9efa0..f142f9da43d 100644
--- a/lib/gitlab/middleware/read_only/controller.rb
+++ b/lib/gitlab/middleware/read_only/controller.rb
@@ -60,7 +60,7 @@ module Gitlab
         end
 
         def request
-          @env['rack.request'] ||= Rack::Request.new(@env)
+          @env['actionpack.request'] ||= ActionDispatch::Request.new(@env)
         end
 
         def last_visited_url
diff --git a/lib/gitlab/request_context.rb b/lib/gitlab/request_context.rb
index f8f8ec789ce..d9811e036d3 100644
--- a/lib/gitlab/request_context.rb
+++ b/lib/gitlab/request_context.rb
@@ -13,7 +13,7 @@ module Gitlab
     end
 
     def call(env)
-      req = Rack::Request.new(env)
+      req = ActionDispatch::Request.new(env)
 
       Gitlab::SafeRequestStore[:client_ip] = req.ip
 
diff --git a/spec/lib/gitlab/auth/user_auth_finders_spec.rb b/spec/lib/gitlab/auth/user_auth_finders_spec.rb
index 4e4c8b215c2..1e2aebdc84b 100644
--- a/spec/lib/gitlab/auth/user_auth_finders_spec.rb
+++ b/spec/lib/gitlab/auth/user_auth_finders_spec.rb
@@ -9,7 +9,7 @@ describe Gitlab::Auth::UserAuthFinders do
       'rack.input' => ''
     }
   end
-  let(:request) { Rack::Request.new(env) }
+  let(:request) { ActionDispatch::Request.new(env) }
 
   def set_param(key, value)
     request.update_param(key, value)
diff --git a/spec/lib/gitlab/request_context_spec.rb b/spec/lib/gitlab/request_context_spec.rb
index 8a28ad0e597..fd443cc1f71 100644
--- a/spec/lib/gitlab/request_context_spec.rb
+++ b/spec/lib/gitlab/request_context_spec.rb
@@ -15,7 +15,7 @@ describe Gitlab::RequestContext do
         let(:ip) { '192.168.1.11' }
 
         before do
-          allow_any_instance_of(Rack::Request).to receive(:ip).and_return(ip)
+          allow_any_instance_of(ActionDispatch::Request).to receive(:ip).and_return(ip)
           described_class.new(app).call(env)
         end
 
diff --git a/spec/lib/omni_auth/strategies/jwt_spec.rb b/spec/lib/omni_auth/strategies/jwt_spec.rb
index c2e2db27362..c1eaf0bb0bf 100644
--- a/spec/lib/omni_auth/strategies/jwt_spec.rb
+++ b/spec/lib/omni_auth/strategies/jwt_spec.rb
@@ -25,6 +25,8 @@ describe OmniAuth::Strategies::Jwt do
       subject.options[:secret] = secret
       subject.options[:algorithm] = algorithm
 
+      # We use Rack::Request instead of ActionDispatch::Request because
+      # Rack::Test::Methods enables testing of this module.
       expect_next_instance_of(Rack::Request) do |rack_request|
         expect(rack_request).to receive(:params).and_return('jwt' => payload)
       end
diff --git a/spec/requests/git_http_spec.rb b/spec/requests/git_http_spec.rb
index 939e870ec53..5b625fd47be 100644
--- a/spec/requests/git_http_spec.rb
+++ b/spec/requests/git_http_spec.rb
@@ -387,7 +387,7 @@ describe 'Git HTTP requests' do
 
               it "responds with status 401" do
                 expect(Rack::Attack::Allow2Ban).to receive(:filter).and_return(true)
-                allow_any_instance_of(Rack::Request).to receive(:ip).and_return('1.2.3.4')
+                allow_any_instance_of(ActionDispatch::Request).to receive(:ip).and_return('1.2.3.4')
 
                 clone_get(path, env)
 
@@ -548,7 +548,7 @@ describe 'Git HTTP requests' do
                   maxretry = options[:maxretry] - 1
                   ip = '1.2.3.4'
 
-                  allow_any_instance_of(Rack::Request).to receive(:ip).and_return(ip)
+                  allow_any_instance_of(ActionDispatch::Request).to receive(:ip).and_return(ip)
                   Rack::Attack::Allow2Ban.reset(ip, options)
 
                   maxretry.times.each do