Inside browser, I am always getting POST http://mysite.com/server/system/connect 401 (Unauthorized: CSRF validation failed)

[giorgio79]

Hello, I am trying the sample code in a browser, and always getting: CSRF validation failed.

        var drupal = new Drupal();
        drupal.setRestPath("http://mysite.com/", "server");

        drupal.systemConnect(
        //success
        function(sessionData) {
            var uid = sessionData.user.uid;
            console.log('session found for user '+uid);
        },
        //failure
        function(error) {
            console.log(error);
        }
        );

I also tried drupal.getCsrfToken ( function(e) { console.log(e); });

and I am getting a valid CSRF token. Any tips why this is failing?

[jbeuckm]

This is probably a server configuration problem. Are you using Services 3.5 with Session Authentication? Have you enabled the correct request parser and mime types in your service?

[giorgio79]

Thx for coming back. I will try to double check, but meanwhile the alternative drupal js client worked in the same environment without any changes (a simple html on my desktop comp) https://github.com/travist/drupal.api.js, so went with that for now.

[jbeuckm]

Are you also logged into the Drupal web interface in the same browser? I just had this happen and drupal-client works if I log out of Drupal from the web interface first.

[giorgio79]

Yep, I am! Would be great if the session could be detected by the script.

[clowNay]

It would be a nice upgrade if that could be detected yes - since you proberly still could be using the drupal installation af your backend for adding content. Logging out of backend and in on frontend to see content just doesn't work well