protected function ServicesSecurityTests::servicesPostNoCSRFHeader in Services 7.3
Copy of servicesPost method but without CSRF header.
1 call to ServicesSecurityTests::servicesPostNoCSRFHeader()
- ServicesSecurityTests::testSessionCSRF in tests/
functional/ ServicesSecurityTests.test
File
- tests/
functional/ ServicesSecurityTests.test, line 60
Class
Code
protected function servicesPostNoCSRFHeader($url, $data = array(), $headers = array(), $call_type = 'php') {
switch ($call_type) {
case 'php':
// Add .php to get serialized response.
$url = $this
->getAbsoluteUrl($url) . '.php';
// Otherwise Services will reject arguments.
$headers[] = "Content-type: application/x-www-form-urlencoded";
// Prepare arguments.
$post = drupal_http_build_query($data, '', '&');
break;
case 'json':
// Add .json to get json encoded response.
$url = $this
->getAbsoluteUrl($url) . '.json';
// Set proper headers.
$headers[] = "Content-type: application/json";
// Prepare arguments.
$post = json_encode($data);
break;
}
$content = $this
->curlExec(array(
CURLOPT_URL => $url,
CURLOPT_POST => TRUE,
CURLOPT_POSTFIELDS => $post,
CURLOPT_HTTPHEADER => $headers,
CURLOPT_HEADER => TRUE,
CURLOPT_RETURNTRANSFER => TRUE,
));
// Parse response.
list($info, $header, $status, $code, $body) = $this
->parseHeader($content, $call_type);
$this
->verbose('POST request to: ' . $url . '<hr />Arguments: ' . highlight_string('<?php ' . var_export($data, TRUE), TRUE) . '<hr />Raw POST body: ' . $post . '<hr />Response: ' . highlight_string('<?php ' . var_export($body, TRUE), TRUE) . '<hr />Curl info: ' . highlight_string('<?php ' . var_export($info, TRUE), TRUE) . '<hr />Raw response: ' . $content);
return array(
'header' => $header,
'status' => $status,
'code' => $code,
'body' => $body,
);
}