This project is not covered by Drupal’s security advisory policy.

Actions REST enables actions to be called on the URL, using a parameter encoding scheme of the form:

node/%nid/action/%action_callback?param1=value1&param2=value2&...

You can substitute node for other entity types (user, comment, etc.) If the parameters for a configurable action are not found on the URL, the action form is shown.

The risk of CSRF is reduced by using drupal_get_token() to sign action links. The action link implementation checks for a valid token before proceeding with the execution.

Project information

Releases