I validate all my forms data in the model layer but I also check where my form was submitted from (HTTP Referrer) and I also send a token with the form to help prevent Cross Site Request Forgeries and my question is where should these checks be done? In the controller or in the model layer?I validate all my forms data in the model layer