lib/lotus/generators/application/app/config/application.rb.tt in lotusrb-0.4.1 vs lib/lotus/generators/application/app/config/application.rb.tt in lotusrb-0.5.0

- old
+ new

@@ -82,12 +82,17 @@ # middleware.use Rack::Protection # Default format for the requests that don't specify an HTTP_ACCEPT header # Argument: A symbol representation of a mime type, default to :html # - # default_format :html + # default_request_format :html + # Default format for responses that doesn't take into account the request format + # Argument: A symbol representation of a mime type, default to :html + # + # default_response_format :html + # HTTP Body parsers # Parse non GET responses body for a specific mime type # Argument: Symbol, which represent the format of the mime type (only `:json` is supported) # Object, the parser # @@ -144,11 +149,11 @@ # plugins, etc. # # Web applications can send this header to mitigate Cross Site Scripting # (XSS) attacks. # - # The default value allows images, scripts, AJAX, and CSS from the same + # The default value allows images, scripts, AJAX, fonts and CSS from the same # origin, and does not allow any other resources to load (eg object, # frame, media, etc). # # Inline JavaScript is NOT allowed. To enable it, please use: # "script-src 'unsafe-inline'". @@ -167,10 +172,10 @@ # Content Security Policy usage: # # * http://content-security-policy.com/ # * https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Using_Content_Security_Policy # - security.content_security_policy "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';" + security.content_security_policy "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; font-src 'self';" ## # FRAMEWORKS #
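Review bot: On the new `security.content_security_policy` line (hunk `@@ -167,10 +172,10 @@`), the policy still leaves `form-action`, `base-uri` and `frame-ancestors` unset, and those directives do not fall back to `default-src 'none'`, so this header does not restrict form submission targets, the document base URL or framing. The comment edited in the previous hunk says the default does not allow any other resources to load, which reads as a complete deny-by-default; I would append `form-action 'self'; base-uri 'self';` after `font-src 'self';` and note in the comment that these directives must be listed explicitly. Whether framing is already covered depends on an X-Frame-Options setting that is not visible in these hunks. A further comment line could say that `font-src 'self'` does not match fonts inlined as `data:` URIs, so an application that inlines fonts should extend that one directive rather than loosen `default-src`.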