Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.
By dawehner on
Change record status:
Published (View all published change records)
Project:
Introduced in branch:
8.0.x
Introduced in version:
8.0.0-beta12
Issue links:
Description:
Drupal core no longer uses accept headers for routing but rather rely on a _format query parameter, because browser, (reverse) proxy and CDN support is very poor, and hence could lead to severe bugs. See #2364011: [meta] External caches mix up response formats on URLs where content negotiation is in use for more background.
This is an example to a hal_json request
Before
curl -i http://d8.dev/node/1 -H "Accept: application/hal_json"
After
curl -i http://d8.dev/node/1?_format=hal_json
This also leads to changed PHP api.
So if you want to link to a specific format you can now do that:
$url = Url::fromRoute('example_route')->setOption('query', ['_format' => 'hal_json']);
Impacts:
Module developers
Comments
Did this really remove the ability to use the Accept Header?
That would be .... unfortunate. :-(
I can see why a query
I can see why a query parameter was added, but removing the accept header based route is a silly idea...
This is really really sad to
This is really really sad to see.
Don't forget the underscore in '_format'
If others are still struggling with this, make sure you're including the underscore before '_format' in your query (I tried several times before noticing it was there!). Using basic auth, both json and hal_json requests work for me, d8 beta15
@dawehner
@dawehner
Would be nice to link in a list of known issues..
json:api is an exception; _format incompatible
This is also no longer totally true for all of Drupal core; json:api being the major exception. In fact, you will get a helpful (but still fatal) validation error from json:api when using
_format, since it does not comport with the spec. (In fact, you should pass at leastAccept: application/vnd.api+jsonwhen using json:api, but it's not technically required as the request format is set by virtue of the path you're accessing.For those asking about the reasoning behind this CR, the linked issue in the summary (after the bold text) has a few good examples.