Deployment Module XSRF Patch Committed

I recently discovered the Deployment module for Drupal that allows content to be deployed to remote sites using RESTful web services. I thought I had it all working. I was pulled off of that task to work on another project for a couple of weeks and when I got back to it I updated the modules in my dev/testing sandbox and things went to hell in a handbasket.

I started combing through the logs and it turns out that the Services module implemented a security fix that prevented cross-site request forgery (SA-CONTRIB-2013-051) so the Deployment service calls were all failing with a 401 Unauthorized error. Once I figured out where the problem was, the fix was easy; just needed to add the new X-CSRF-TOKEN header to use when making all subsequent web service calls.

I submitted a patch file for the Deployment module and to my surprise was tested by a couple developers from notable Drupal shops – Mediacurrent and Acquia. Tim Holt (timholt) from Acquia added some minor adjustments to my original patch to include the port if it was being used in the web services URL, but other than that everything tested fine. A couple of days ago (July 3, 2013) Dick Olsson (dixon_), the maintainer of the Deployment module, committed the combined patch file from Tim and myself to the git repository on Drupal.org. dixon_ says new release will be coming in the next few days that includes this bug fix. Until then, you can clone the 7.x-2.x branch of the git repo to obtain the module with this fix in place.

This gets Drupal one step closer to making it easier to stage and deploy content because that is probably the most frustrating and error prone part of working with Drupal at this point.