See also SA-CONTRIB-2013-003
This release comes with a major API change for clients. A security token has been introduced to guard against CSRF attacks. This change only affects you if
* your client uses cookie-based user authentication and
* your client performs write operations (POST, PUT or DELETE).
Clients that only read data (GET requests) still work the same. Clients that use other authentication mechanisms (like restws_basic_auth) remain unaffected as well.
drupal_add_js(array('restws_csrf_token' => drupal_get_token('restws')), 'setting');
An example for the usage of the X-CSRF-Token header with PHP's cURL can be found in the Simpletests.
Changes since 7.x-2.0-alpha3:
- Introduced a session token for write operations from cookie-based clients.
- #1878064 by whurleyf1: Added alter hook for response.