x_sendfile_header now defaults to nil and production.rb env file doesn't

set a particular value for it. This allows servers to set it through
X-Sendfile-Type, read
https://github.com/rack/rack/blob/master/lib/rack/sendfile.rb for more
info. Anyways you can force this value in your production.rb

actionpack/lib/action_controller/metal/data_streaming.rb

@@ -17,7 +17,7 @@ module ActionController #:nodoc:
     protected
       # Sends the file. This uses a server-appropriate method (such as X-Sendfile)
       # via the Rack::Sendfile middleware. The header to use is set via
-      # config.action_dispatch.x_sendfile_header, and defaults to "X-Sendfile".
+      # config.action_dispatch.x_sendfile_header.
       # Your server can also configure this for you by setting the X-Sendfile-Type header.
       #
       # Be careful to sanitize the path parameter if it is coming from a web

actionpack/lib/action_dispatch/railtie.rb

@@ -4,7 +4,7 @@ require "rails"
 module ActionDispatch
   class Railtie < Rails::Railtie
     config.action_dispatch = ActiveSupport::OrderedOptions.new
-    config.action_dispatch.x_sendfile_header = ""
+    config.action_dispatch.x_sendfile_header = nil
     config.action_dispatch.ip_spoofing_check = true
     config.action_dispatch.show_exceptions = true
     config.action_dispatch.best_standards_support = true

railties/lib/rails/application.rb

@@ -163,9 +163,7 @@ module Rails
         middleware.use ::Rails::Rack::Logger # must come after Rack::MethodOverride to properly log overridden methods
         middleware.use ::ActionDispatch::ShowExceptions, config.consider_all_requests_local
         middleware.use ::ActionDispatch::RemoteIp, config.action_dispatch.ip_spoofing_check, config.action_dispatch.trusted_proxies
-        if config.action_dispatch.x_sendfile_header.present?
-          middleware.use ::Rack::Sendfile, config.action_dispatch.x_sendfile_header
-        end
+        middleware.use ::Rack::Sendfile, config.action_dispatch.x_sendfile_header
         middleware.use ::ActionDispatch::Reloader unless config.cache_classes
         middleware.use ::ActionDispatch::Callbacks
         middleware.use ::ActionDispatch::Cookies

railties/lib/rails/generators/rails/app/templates/config/environments/production.rb.tt

@@ -15,8 +15,8 @@
   config.assets.compress = true
 
   # Specifies the header that your server uses for sending files
-  # (comment out if your front-end server doesn't support this)
-  config.action_dispatch.x_sendfile_header = "X-Sendfile" # Use 'X-Accel-Redirect' for nginx
+  # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
+  # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
 
   # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
   # config.force_ssl = true

railties/test/application/middleware/sendfile_test.rb

@@ -27,11 +27,12 @@ module ApplicationTests
     end
 
     # x_sendfile_header middleware
-    test "config.action_dispatch.x_sendfile_header defaults to ''" do
+    test "config.action_dispatch.x_sendfile_header defaults to nil" do
       make_basic_app
       simple_controller
 
       get "/"
+      assert !last_response.headers["X-Sendfile"]
       assert_equal File.read(__FILE__), last_response.body
     end
 

railties/test/application/middleware_test.rb

@@ -20,8 +20,6 @@ module ApplicationTests
     end
 
     test "default middleware stack" do
-      add_to_config "config.action_dispatch.x_sendfile_header = 'X-Sendfile'"
-
       boot!
 
       assert_equal [
@@ -49,12 +47,6 @@ module ApplicationTests
       ], middleware
     end
 
-    test "Rack::Sendfile is not included by default" do
-      boot!
-
-      assert !middleware.include?("Rack::Sendfile"), "Rack::Sendfile is not included in the default stack unless you set config.action_dispatch.x_sendfile_header"
-    end
-
     test "Rack::Cache is present when action_controller.perform_caching is set" do
       add_to_config "config.action_controller.perform_caching = true"