This changes the parent commit's :session option semantics just slightly. The :session option must be passed as part of the options Hash -- the body arg is assumed to be params or a POST/PUT body. Also, the mapping from :session to HTTP_COOKIE has been switched to 'rack.session' - mapping it to HTTP_COOKIE doesn't make any sense. While here, refactor the make_request method to make it more obvious that we're really just building up the options Hash for MockRequest.
The app's middleware pipeline was ignored when the app itself was run as middleware. This was due to the separate call paths for middleware vs. endpoint apps. This change makes it so that both endpoint and middleware apps are invoked via the same instance level #call method. One potentially confusing aspect of this change is that Base.new now returns the head of the app's middleware pipeline. If no middleware is used by the app, this will be an instance of the Base class; however, if middleware is used, Base.new will return the head of the middleware chain leading to the Base instance.
Responses to HEAD requests _should_ have a Content-Length header that's identical to GET requests. When a body is provided by the application, set the Content-Length header to the size of the body and replace the body with an empty Array; when no body is provided by the application in response to a HEAD request, and the Content-Length is calculated to be "0", remove the Content-Length header entirely to avoid mis-matched values. The idea here is that it's better to omit the header when we believe the Content-Length is not indicative of the same in response to GET than to send the Content-Length with a mismatched value. Logic taken from Apache and is generally in line with RFC 2616.
sr commented this out during some refactoring but I'd like to leave it in for now.