Return an unauthorised header unless the request format is xml?

Hi,

I'd like to return a header that indicates an action is unauthorised
unless the request was an xml request. I'm using REST in my
controllers and I only want create, delete and update capability for
those requests that come from activerecord.

How do I just return the relevant headers without performing the
action when create, delete or update requests come in from html?

so far I have:

head :unauthorized(?) unless request.format.xml?

I don't think :unauthorized exists as one of the status' I just put it
in to show what I am trying to do.

I tried a before filter that renders that header but that causes two a
double render error.

Any suggestions?

Toby

Sorry when I said activerecord above I meant activeresource.