lib/lotus/loader.rb in lotusrb-0.2.1 vs lib/lotus/loader.rb in lotusrb-0.3.0
- old
+ new
@@ -3,10 +3,11 @@
require 'lotus/utils/string'
require 'lotus/routes'
require 'lotus/routing/default'
require 'lotus/action/cookies'
require 'lotus/action/session'
+require 'lotus/config/security'
module Lotus
# Load an application
#
# @since 0.1.0
@@ -47,11 +48,18 @@
config = configuration
unless namespace.const_defined?('Controller')
controller = Lotus::Controller.duplicate(namespace) do
handle_exceptions config.handle_exceptions
default_format config.default_format
+ default_headers({
+ Lotus::Config::Security::X_FRAME_OPTIONS_HEADER => config.security.x_frame_options,
+ Lotus::Config::Security::CONTENT_SECURITY_POLICY_HEADER => config.security.content_security_policy
+ })
- prepare { include Lotus::Action::Cookies } if config.cookies
+ if config.cookies.enabled?
+ prepare { include Lotus::Action::Cookies }
+ cookies config.cookies.default_options
+ end
prepare { include Lotus::Action::Session } if config.sessions.enabled?
config.controller.__apply(self)
end
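Review bot: The added `default_headers` call passes `config.security.x_frame_options` and `config.security.content_security_policy` unconditionally, so an application that configures neither presumably hands two nil values to the controller's header defaults. Whether `default_headers` drops nil entries is not visible in this hunk. If it does not, responses could carry empty `X-Frame-Options` / `Content-Security-Policy` headers, which browsers ignore, leaving the app without the protection while appearing configured. Consider filtering unset values at the call site, e.g. `default_headers(security_headers.reject { |_, value| value.nil? })`, and adding a comment such as `# Security headers applied to every action unless the action overrides them`. The same hunk forwards `config.cookies.default_options` unchanged, so it is worth confirming elsewhere that those defaults include `httponly` and `secure`; the enclosing `duplicate` block starts and ends outside this hunk.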