core/modules/file/src/FileServiceProvider.php      | 24 ---------------------
 .../Plugin/rest/resource/FileUploadResource.php    | 25 ++++++----------------
 core/modules/hal/hal.services.yml                  |  2 +-
 .../EventSubscriber/ResourceResponseSubscriber.php |  8 +++----
 core/modules/rest/src/Routing/ResourceRoutes.php   |  6 ++----
 5 files changed, 13 insertions(+), 52 deletions(-)

diff --git a/core/modules/file/src/FileServiceProvider.php b/core/modules/file/src/FileServiceProvider.php
deleted file mode 100644
index 35dd4a5..0000000
--- a/core/modules/file/src/FileServiceProvider.php
+++ /dev/null
@@ -1,24 +0,0 @@
-<?php
-
-namespace Drupal\file;
-
-
-use Drupal\Core\DependencyInjection\ContainerBuilder;
-use Drupal\Core\DependencyInjection\ServiceModifierInterface;
-use Drupal\Core\StackMiddleware\NegotiationMiddleware;
-
-/**
- * Adds 'application/octet-stream' as a known (bin) format.
- */
-class FileServiceProvider implements ServiceModifierInterface {
-
-  /**
-   * {@inheritdoc}
-   */
-  public function alter(ContainerBuilder $container) {
-    if ($container->has('http_middleware.negotiation') && is_a($container->getDefinition('http_middleware.negotiation')->getClass(), NegotiationMiddleware::class, TRUE)) {
-      $container->getDefinition('http_middleware.negotiation')->addMethodCall('registerFormat', ['bin', ['application/octet-stream']]);
-    }
-  }
-
-}
diff --git a/core/modules/file/src/Plugin/rest/resource/FileUploadResource.php b/core/modules/file/src/Plugin/rest/resource/FileUploadResource.php
index acb2a88..d60d175 100644
--- a/core/modules/file/src/Plugin/rest/resource/FileUploadResource.php
+++ b/core/modules/file/src/Plugin/rest/resource/FileUploadResource.php
@@ -147,14 +147,15 @@ public function post(Request $request, $entity_type_id, $bundle, $field_name) {
     }
 
     // Check the destination file path is writable.
+    file_prepare_directory($destination);
     if (!is_writable($this->fileSystem->realpath($destination))) {
       throw new HttpException(500, 'Destination file path is not writable');
     }
 
     // Create the file.
-    $file_uri = "{$destination}{$filename}";
+    $file_uri = "{$destination}/{$filename}";
 
-    $this->streamUploadData($file_uri);
+    $file_uri = $this->streamUploadData($file_uri);
 
     // Begin building file entity.
     $values = [
@@ -205,7 +206,7 @@ protected function streamUploadData($destination_uri) {
 
       // Move the file to the correct location based on the file entity,
       // replacing any existing file.
-      if (!file_unmanaged_move($temp_file_name, $destination_uri)) {
+      if (!($new_temp_filename = file_unmanaged_move($temp_file_name, $destination_uri))) {
         throw new HttpException(500, 'Temporary file could not be moved to file location');
       }
     }
@@ -215,6 +216,7 @@ protected function streamUploadData($destination_uri) {
     }
 
     fclose($file_data);
+    return $new_temp_filename;
   }
 
   /**
@@ -243,7 +245,7 @@ protected function validateAndLoadFieldDefinition($entity_type_id, $bundle, $fie
     $field_definition = $field_definitions[$field_name];
 
     // Check access.
-    if (!$field_definition->access('create')) {
+    if (!\Drupal::entityTypeManager()->getAccessControlHandler($entity_type_id)->fieldAccess('create', $field_definition)) {
       throw new AccessDeniedHttpException(sprintf('Access denied for field "%s"', $field_name));
     }
 
@@ -345,20 +347,5 @@ protected function getBaseRoute($canonical_path, $method) {
     );
   }
 
-  /**
-   * {@inheritdoc}
-   */
-  protected function getBaseRouteRequirements($method) {
-    $requirements = parent::getBaseRouteRequirements($method);
-
-    // Add the content type format access check. This will enforce that all
-    // incoming requests can only use the 'application/octet-stream'
-    // Content-Type header.
-    $requirements['_content_type_format'] = 'bin';
-    $requirements['_format'] = implode('|', $this->serializerFormats);
-
-    return $requirements;
-  }
-
 
 }
diff --git a/core/modules/hal/hal.services.yml b/core/modules/hal/hal.services.yml
index a2badfa..b2c898f 100644
--- a/core/modules/hal/hal.services.yml
+++ b/core/modules/hal/hal.services.yml
@@ -16,7 +16,7 @@ services:
     class: Drupal\hal\Normalizer\FileEntityNormalizer
     tags:
       - { name: normalizer, priority: 20 }
-    arguments: ['@entity.manager', '@hal.link_manager', '@module_handler']
+    arguments: ['@entity.manager', '@http_client', '@hal.link_manager', '@module_handler']
   serializer.normalizer.timestamp_item.hal:
    class: Drupal\hal\Normalizer\TimestampItemNormalizer
    tags:
diff --git a/core/modules/rest/src/EventSubscriber/ResourceResponseSubscriber.php b/core/modules/rest/src/EventSubscriber/ResourceResponseSubscriber.php
index 58a863e..df77281 100644
--- a/core/modules/rest/src/EventSubscriber/ResourceResponseSubscriber.php
+++ b/core/modules/rest/src/EventSubscriber/ResourceResponseSubscriber.php
@@ -96,7 +96,7 @@ public function getResponseFormat(RouteMatchInterface $route_match, Request $req
     $route = $route_match->getRouteObject();
     $acceptable_request_formats = $route->hasRequirement('_format') ? explode('|', $route->getRequirement('_format')) : [];
     $acceptable_content_type_formats = $route->hasRequirement('_content_type_format') ? explode('|', $route->getRequirement('_content_type_format')) : [];
-    $fallback_acceptable_formats = $request->isMethodCacheable() ? $acceptable_request_formats : $acceptable_content_type_formats;
+    $acceptable_formats = $request->isMethodCacheable() ? $acceptable_request_formats : $acceptable_content_type_formats;
 
     $requested_format = $request->getRequestFormat();
     $content_type_format = $request->getContentType();
@@ -104,7 +104,7 @@ public function getResponseFormat(RouteMatchInterface $route_match, Request $req
     // If an acceptable format is requested, then use that. Otherwise, including
     // and particularly when the client forgot to specify a format, then use
     // heuristics to select the format that is most likely expected.
-    if (in_array($requested_format, $acceptable_request_formats)) {
+    if (in_array($requested_format, $acceptable_formats)) {
       return $requested_format;
     }
     // If a request body is present, then use the format corresponding to the
@@ -114,8 +114,8 @@ public function getResponseFormat(RouteMatchInterface $route_match, Request $req
       return $content_type_format;
     }
     // Otherwise, use the first acceptable format.
-    elseif (!empty($fallback_acceptable_formats)) {
-      return $fallback_acceptable_formats[0];
+    elseif (!empty($acceptable_formats)) {
+      return $acceptable_formats[0];
     }
     // Sometimes, there are no acceptable formats, e.g. DELETE routes.
     else {
diff --git a/core/modules/rest/src/Routing/ResourceRoutes.php b/core/modules/rest/src/Routing/ResourceRoutes.php
index 23d8487..5ba4c5d 100644
--- a/core/modules/rest/src/Routing/ResourceRoutes.php
+++ b/core/modules/rest/src/Routing/ResourceRoutes.php
@@ -121,10 +121,8 @@ protected function getRoutesForResourceConfig(RestResourceConfigInterface $rest_
         // - set the allowed authentication providers
         if (in_array($method, ['POST', 'PATCH', 'PUT'], TRUE)) {
           // Restrict the incoming HTTP Content-type header to the allowed
-          // formats if it hasn't already been set by the rest resource plugin.
-          if (!$route->hasRequirement('_content_type_format')) {
-            $route->addRequirements(['_content_type_format' => implode('|', $rest_resource_config->getFormats($method))]);
-          }
+          // formats.
+          $route->addRequirements(['_content_type_format' => implode('|', $rest_resource_config->getFormats($method))]);
         }
         $route->setOption('_auth', $rest_resource_config->getAuthenticationProviders($method));
         $route->setDefault('_rest_resource_config', $rest_resource_config->id());