Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
I'm allowed to make a post to a custom resource created by me with Basic Auth:
Content-Type: "application/xml"
Authorization: "Basic YWTAFIKOJINMTWQEMOLdhAGF=="
But if I try with session, I can't (it responds with the page in HTML and "Unauthorized" in tag):
Content-Type: "application/xml"
X-CSRF-Token: "nf2dfhfdhy-5mhdfhfd4r9_sffsaasf5hjQGsgdsdggsdy1y8"
Set-Cookie: "SESS266960de52180e8c687434170f6476605b=yHHE01gGfWh_axeOgoAdU-Vd56PCE7HgfP-FtekrjN5s"
It must be an error because if it was a wrong token or cookie it would be an xml response not an html response.
Comment | File | Size | Author |
---|---|---|---|
#10 | 4.png | 5.58 KB | bdominguez |
#10 | 3.png | 34.06 KB | bdominguez |
#10 | 2.png | 144.06 KB | bdominguez |
#10 | 1.png | 54.64 KB | bdominguez |
Comments
Comment #2
cilefen CreditAttribution: cilefen commentedI am bumping this down to "Major" priority until the impact is understood.
Comment #3
Wim LeersWhat is the exact response you're getting?
Also, in 8.0.x-dev (and 8.1.x-dev), we've made a lot of improvements in this area.
Comment #6
bdominguez CreditAttribution: bdominguez commentedMy endpoint it's configured like this (also I don't understand why "Rest UI" exposes "/node/{node}" and then I used it like "/entity/node"):
http://i.imgur.com/IFoZg5E.png
My successful request with "Basic Auth" (test with no body):
http://i.imgur.com/2rzdwvr.png>
My two tests on Postman with "Cookie" (also testing with no body):
1 - With "_format=xml":
http://i.imgur.com/6iz3rgn.png
2 - Without it:
http://i.imgur.com/K9X6kdL.png
There are only examples with "Basic Auth" so it's almost impossible to find information and documentation on Drupal or Google.
I think it's a bug.
Comment #7
Wim Leers(You posted that same comment four times. I deleted comments 4, 5 and 7 since they were duplicates.)
Comment #8
bdominguez CreditAttribution: bdominguez commentedSorry, I couldn't see my comments (something cache related).
In my previous comment you have all the info.
Comment #9
Wim LeersPlease upload screenshots to d.o, not to imgur.com. They'll be lost in the future otherwise. Can you please re-upload them here?
Then please also post the XML you're sending in the request body. Then I'll be able to answer it.
Comment #10
bdominguez CreditAttribution: bdominguez commentedHere you have the images.
I'm not sending a body because I'm testing with simple requests, I can't reach a situation where it leads to "not sending fields" error. I have request errors.
In the screenshots you have all the info.
Comment #11
bdominguez CreditAttribution: bdominguez commentedComment #12
Wim LeersIn 1.png you see that the complaint is you're not providing credentials.
In 3.png, you are providing credentials, but it's telling you
. So, you need to specify atype
("content type" in the UI, "Node Bundle" in code terminology), such astype=article
ortype=page
.If you're not sending a body, of course you're going to get errors. POST requires a body to be sent that contains the data you want to POST, a POST without a body is meaningless and cannot do anything.
Comment #13
bdominguez CreditAttribution: bdominguez commentedBut read "#6" where it's my explanation.
I want to use "Cookie" based authentication not "Basic Auth". I provided a "Basic Auth" screenshot to see that the problem I have only occurs with "Cookie" based authentication.
The error in "3.png" it's expected, I don't provide any body.
But If you see "1.png" I get another error and in "2.png" another error. I should have a response like in "3.png". That's why I think that it's a bug.
Comment #14
bdominguez CreditAttribution: bdominguez commentedComment #15
Wim LeersI agree that is confusing — see #2293697: EntityResource POST routes all use the confusing default: use entity types' https://www.drupal.org/link-relations/create link template if available where we are fixing that.
That was not a successful request. There's an error: you're missing the bundle.
Another error: this one says you didn't provide authentication credentials. Look at the screenshot: you didn't provide Basic Auth credentials, but a cookie. More importantly, you did not provide a
X-CSRF-Token
. We are fixing the crappy feedback in #2681911: REST requests without X-CSRF-Token header: unhelpful response significantly hinders DX, should receive a 401 response.Right, without
?_format=xml
, you're just going to get the HTML response.So, in conclusion:
A few days after we had this exchange, I updated lots of REST documentation and wrote http://wimleers.com/blog/restless-week. Please see https://www.drupal.org/documentation/modules/rest/start + https://www.drupal.org/documentation/modules/rest/get + https://www.drupal.org/documentation/modules/rest/post, those should help you get started :)
Comment #16
Wim Leers