public function handleRequest(HTTPRequest $request, DataModel $model = null) { try { $response = parent::handleRequest($request, $model); } catch (ValidationException $e) { // Nicer presentation of model-level validation errors $msgs = _t('LeftAndMain.ValidationError', 'Validation error') . ': ' . $e->getMessage(); $e = new HTTPResponse_Exception($msgs, 403); $errorResponse = $e->getResponse(); $errorResponse->addHeader('Content-Type', 'text/plain'); $errorResponse->addHeader('X-Status', rawurlencode($msgs)); $e->setResponse($errorResponse); throw $e; } $title = $this->Title(); if (!$response->getHeader('X-Controller')) { $response->addHeader('X-Controller', $this->class); } if (!$response->getHeader('X-Title')) { $response->addHeader('X-Title', urlencode($title)); } // Prevent clickjacking, see https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options $originalResponse = $this->getResponse(); $originalResponse->addHeader('X-Frame-Options', $this->config()->frame_options); $originalResponse->addHeader('Vary', 'X-Requested-With'); return $response; }