Controller for cross-domain iframes added

public/lucidAuth.validateRequest.php

@@ -14,7 +14,7 @@
 	$proxyHeaders = array_filter($proxyHeaders, function ($key) {
 		return substr($key, 0, 10) === 'XForwarded';
 	}, ARRAY_FILTER_USE_KEY);
-	
+
 	// For debugging purposes - enable it in ../lucidAuth.config.php
 	if ($settings->Debug['LogToFile']) {
 		file_put_contents('../requestHeaders.log', (new DateTime())->format('Y-m-d\TH:i:s.u') . ' --- ' . (json_encode($proxyHeaders, JSON_FORCE_OBJECT)) . PHP_EOL, FILE_APPEND);
@@ -22,7 +22,7 @@
 
 	if (sizeof($proxyHeaders) === 0) {
 		// Non-proxied request; this is senseless, go fetch!
-		header("HTTP/1.1 403 Forbidden");
+		header("HTTP/1.1 400 Bad Request");
 		exit;
 	}