Rossen mentioned that it would help if I elaborated a bit to help better understand the reason for this request.
Spring Security is adding support for providing a white list of valid HTTP methods to better protect users against HTTP Verb tampering and XST attacks. Since Spring Security will reject an HTTP method of empty String and MockHttpServletRequest defaults to an empty string HTTP method this means that there will be lots of our users tests that no longer pass. One could argue Spring Security should not make such a change, but the changes should not impact real world applications in a negative manner.
For MockMvc I only meant that it is a more opinionated layer with a start to end request lifecycle that aims to approximate actual behavior of Servlet containers. The MockHttpServletRequest and response on the other hand have always been just a foundation, it's up to anyone to set them up in whatever way fits the test scenario, possibly for a very fine-grained unit test.
So I'm included to say this should be solved at a different level. Either way tests are going to break and it seems reasonable to expect tests that run with Spring Security, and are more integration than unit tests, to have to set up an HTTP method explicitly, or break.