You are here

function restws_csrf_validation in RESTful Web Services 7

Same name and namespace in other branches
  1. 7.2 restws.module \restws_csrf_validation()

Ensures that a request with cookies has the required CSRF header set.

Return value

bool TRUE if the request passed the CSRF protection, FALSE otherwise.

1 call to restws_csrf_validation()
restws_page_callback in ./restws.module
Menu page callback.

File

./restws.module, line 338
RESTful web services module.

Code

function restws_csrf_validation() {

  // This check only applies if the user was successfully authenticated and the
  // request comes with a session cookie.
  if (user_is_logged_in() && !empty($_COOKIE[session_name()])) {
    return isset($_SERVER['HTTP_X_CSRF_TOKEN']) && drupal_valid_token($_SERVER['HTTP_X_CSRF_TOKEN'], 'restws');
  }
  return TRUE;
}