Change record status: 
Introduced in branch: 
Introduced in version: 

Drupal core no longer uses accept headers for routing but rather rely on a _format query parameter, because browser, (reverse) proxy and CDN support is very poor, and hence could lead to severe bugs. See #2364011: [meta] External caches mix up response formats on URLs where content negotiation is in use for more background.

This is an example to a hal_json request


curl -i -H "Accept: application/hal_json"


curl -i

This also leads to changed PHP api.
So if you want to link to a specific format you can now do that:

$url = Url::fromRoute('example_route')->setOption('query', ['_format' => 'hal_json']);
Module developers
Updates Done (doc team, etc.)
Online documentation: 
Not done
Theming guide: 
Not done
Module developer documentation: 
Not done
Examples project: 
Not done
Coder Review: 
Not done
Coder Upgrade: 
Not done
Other updates done


matt2000’s picture

That would be .... unfortunate. :-(

andythorne’s picture

I can see why a query parameter was added, but removing the accept header based route is a silly idea...

kylebrowning’s picture

This is really really sad to see.

HairMachine’s picture

Seconding requests for anyone who has an example that works - I'm currently just getting {"message": ""} back as well. Permissions seem to be fine, at least as far as I understand it (which admittedly is not very far!)

The views-based approach to creating RESTy feeds is super easy and seems to work perfectly, but this stuff... I'm struggling with.

vivekvpandya’s picture

For which method and which resource you want example ?

HairMachine’s picture

Thanks for replying!

I may have figured this out - I was trying with Postman / in the browser and not getting anything back, but curl works OK. Next step is to work out why that is - could be header related I guess. Or cookies.

kgthompson’s picture

Looks like it may be a cookie issue. If I use an incognito window then


works, while it returns
message: ""

if I use a tab in my logged in state


Returns {"message":"Not acceptable"} though, which is weird

cashwilliams’s picture

If you are having issues like this, check your permissions. By default the anonymous user does not have permission to GET a node's contents via REST (even though it has permission to view published content).

brian.reese’s picture

If others are still struggling with this, make sure you're including the underscore before '_format' in your query (I tried several times before noticing it was there!). Using basic auth, both json and hal_json requests work for me, d8 beta15