Install

Works with Drupal: 7.x

Downloads

Download restws-7.x-1.2.tar.gz (tar.gz, 18.74 KB)
MD5: abbd6b95507faeb7cab80c8eae0e31f5
SHA-1: 76e0988a75bc2b380d84417bb5ebf1b05546335a
SHA-256: 21e29352e89c840bfbd79acfe8e8c10a65b88169ed00f790d0d13eb276784c24
Download restws-7.x-1.2.zip (zip, 22.66 KB)
MD5: afd9e11c1c2dd376def2e503b92a1ffc
SHA-1: 5dd02a294de3f3448b42038956ca615776d42c41
SHA-256: a71da11761109feb3e7e8f0d6904abaa19e746f26bea5beeb6aaf0d0bb494bf9

Release notes

See also SA-CONTRIB-2013-003

This release comes with a major API change for clients. A security token has been introduced to guard against CSRF attacks. This change only affects you if

* your client uses cookie-based user authentication and
* your client performs write operations (POST, PUT or DELETE).

Clients that only read data (GET requests) still work the same. Clients that use other authentication mechanisms (like restws_basic_auth) remain unaffected as well.

To keep writing to your Drupal installation, those cookie-using clients need to add an X-CSRF-Token header to their HTTP requests. The token can be retrieved from http://example.com/restws/session/token (replace the URL with your site's accordingly). If you are calling back to the web service interface from JavaScript, you can also generate the token yourself and deliver it with the JavaScript settings on the HTML page. That avoids an additional HTTP request just to get the token:

drupal_add_js(array('restws_csrf_token' => drupal_get_token('restws')), 'setting');

An example of using the X-CSRF-Token header with PHP's cURL can be found in the Simpletests.
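The client side of this change for a cookie-authenticated JavaScript caller, as an added example (not code from the RESTWS project or its Simpletests): the token is taken from the page settings when present, otherwise fetched once from /restws/session/token, and attached only to POST, PUT and DELETE. The helper names, the injected `fetchImpl` parameter and the assumption that the token endpoint returns the token as its plain response body are illustrative.

```javascript
// Added example. createRestwsClient and needsCsrfToken are hypothetical
// helper names, not part of RESTWS.
const WRITE_METHODS = new Set(['POST', 'PUT', 'DELETE']);

// Per the release notes, only write operations need the token.
function needsCsrfToken(method) {
  return WRITE_METHODS.has(String(method).toUpperCase());
}

// settings: on a Drupal 7 page this would be Drupal.settings, populated by
// the drupal_add_js() call shown above. fetchImpl is injectable for testing.
function createRestwsClient(baseUrl, { fetchImpl = globalThis.fetch, settings = {} } = {}) {
  let cachedToken = settings.restws_csrf_token || null;

  async function getToken() {
    if (cachedToken) return cachedToken;
    // The session cookie must accompany this request: the token is bound
    // to the logged-in session.
    const res = await fetchImpl(`${baseUrl}/restws/session/token`, {
      method: 'GET',
      credentials: 'same-origin',
    });
    if (!res.ok) throw new Error(`token request failed: HTTP ${res.status}`);
    // Assumption: the response body is the bare token.
    cachedToken = (await res.text()).trim();
    if (!cachedToken) throw new Error('empty CSRF token');
    return cachedToken;
  }

  async function request(method, path, body) {
    const verb = String(method).toUpperCase();
    const headers = { Accept: 'application/json' };
    if (body !== undefined) headers['Content-Type'] = 'application/json';
    if (needsCsrfToken(verb)) headers['X-CSRF-Token'] = await getToken();
    return fetchImpl(`${baseUrl}${path}`, {
      method: verb,
      headers,
      credentials: 'same-origin',
      body: body === undefined ? undefined : JSON.stringify(body),
    });
  }

  return { getToken, request };
}
```

A write request that the server rejects after a session change (login or logout) indicates a stale token; create a new client or clear the cached value so the token is fetched again.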

Created by: klausi
Created on: 16 Jan 2013 at 14:38 UTC
Last updated: 2 Aug 2018 at 04:56 UTC
Security update
Insecure
