See also SA-CONTRIB-2013-003
This release comes with a major API change for clients. A security token has been introduced to guard against CSRF attacks. This change only affects you if
* your client uses cookie-based user authentication and
* your client performs write operations (POST, PUT or DELETE).
Clients that only read data (GET requests) still work the same. Clients that use other authentication mechanisms (like restws_basic_auth) remain unaffected as well.
drupal_add_js(array('restws_csrf_token' => drupal_get_token('restws')), 'setting');
An example for the usage of the X-CSRF-Token header with PHP's cURL can be found in the Simpletests.