allow headers to be removed

app/controllers/application_controller.rb

@@ -5,6 +5,7 @@ class ApplicationController < ActionController::Base
   helper_method :current_user_session, :current_user, :logged_in?, :is_admin?, :get_header_value, :to_bytes
   protect_from_forgery
   before_filter :allow_cross_domain_access, :set_variables
+  after_filter :remove_headers
 
   # responds with blank
   def respond_with_blank
@@ -53,6 +54,11 @@ class ApplicationController < ActionController::Base
 
   private
 
+    # remove headers if necessary
+    def remove_headers
+      response.headers.delete_if {|key| true} if params[:headers] == 'false'
+    end
+
     # allow javascript requests from any domain
     def allow_cross_domain_access
       response.headers['Access-Control-Allow-Origin'] = '*'

app/controllers/plugins_controller.rb

@@ -6,7 +6,7 @@ class PluginsController < ApplicationController
   def check_permission
     @plugin = Plugin.find(params[:id])
     if @plugin.user_id != current_user.id
-      render :text=> "#{t(:permission)} #{t(:plugin)}", :layout => true
+      render :text=> "#{t(:permission)} #{t(:plugin)}", :layout => true and return
       return true
     end
     return false
@@ -159,3 +159,4 @@ class PluginsController < ApplicationController
     redirect_to plugins_path
   end
 end
+