function restws_csrf_validation in RESTful Web Services 7
Same name and namespace in other branches
- 7.2 restws.module \restws_csrf_validation()
Ensures that a request with cookies has the required CSRF header set.
Return value
bool TRUE if the request passed the CSRF protection, FALSE otherwise.
1 call to restws_csrf_validation()
- restws_page_callback in ./
restws.module - Menu page callback.
File
- ./
restws.module, line 338 - RESTful web services module.
Code
function restws_csrf_validation() {
// This check only applies if the user was successfully authenticated and the
// request comes with a session cookie.
if (user_is_logged_in() && !empty($_COOKIE[session_name()])) {
return isset($_SERVER['HTTP_X_CSRF_TOKEN']) && drupal_valid_token($_SERVER['HTTP_X_CSRF_TOKEN'], 'restws');
}
return TRUE;
}