Drupal's token API generates and validates CSRF tokens. The generated token is based on the session ID of the current user. Normally, anonymous users do not have a session, so the generated token will be different on every page request. To generate a token for users without a session, manually start a session.

You can validate a POST by checking a token. The snippet below is sometimes suggested for this, but it is not a CSRF token: drupal_get_hash_salt() returns the site-wide hash salt, so md5() of it is a single constant shared by every user and every request. An attacker who has seen the form once can embed that value in a forged request, and the page hands out a hash of the site's secret salt to anyone who views it. Build the form with drupal_get_token($value) and validate it with drupal_valid_token($token, $value) instead; those are bound to the submitter's session and to the action named by $value.

    // Weak: md5($token) is the same value for everyone, so this only proves the
    // submitter has seen the form at some point, not that the request came
    // from this user's session. Kept here to show what not to do.
    $token = drupal_get_hash_salt();
    // Strict comparison: with != PHP would treat an md5 of the form "0e..." as
    // numerically equal to other "0e..." strings.
    if ($form_state['values']['token'] !== md5($token)) {
      drupal_access_denied();
    }

We can check the HTTP Origin header to validate where a cross-origin request comes from. The idea is to read $_SERVER['HTTP_ORIGIN'] from the request and, after validating it against a whitelist, send that origin back in the Access-Control-Allow-Origin response header. Example code taken from https://github.com/systemseed/services_accept_origin/blob/7.x-1.x/services_accept_origin.inc:

    $whitelist = explode("\n", $settings['whitelist']);
    $origin = !empty($_SERVER['HTTP_ORIGIN']) ? $_SERVER['HTTP_ORIGIN'] ...
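The session-bound alternative to the md5(hash salt) check above, as an added example that is not code from the original page or from any Drupal module: a Drupal 7 menu callback that embeds drupal_get_token() in a form and checks it with drupal_valid_token() on POST. It assumes it runs inside a Drupal 7 request; the path example/action, the hidden field name token, the token value my-action and the $_SESSION key are illustrative choices.

```php
<?php
// Added example for Drupal 7 (not the page's or any module's own code).
// Route, field name and token value are assumptions chosen for illustration.

function example_menu() {
  $items['example/action'] = array(
    'page callback' => 'example_action_callback',
    'access arguments' => array('access content'),
    'type' => MENU_CALLBACK,
  );
  return $items;
}

// Renders the form. drupal_get_token('my-action') is derived from the current
// session ID, the site's private key and the value 'my-action', so it only
// validates for this session and this action.
function example_action_form() {
  global $user;
  if (!$user->uid) {
    // Anonymous users have no session, so the token would change on every
    // request. Start one so the same session ID is present when the POST
    // arrives; drupal_get_token() reads session_id(), so this must happen first.
    if (!drupal_session_started()) {
      drupal_session_start();
    }
    // Drupal 7 discards an empty anonymous session at the end of the request,
    // so store something in it or the session (and the token) will not persist.
    $_SESSION['example_csrf'] = TRUE;
  }
  $token = drupal_get_token('my-action');
  return '<form method="post" action="' . url('example/action') . '">'
       . '<input type="hidden" name="token" value="' . check_plain($token) . '">'
       . '<input type="submit" value="Do it">'
       . '</form>';
}

function example_action_callback() {
  if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    return example_action_form();
  }
  $token = isset($_POST['token']) ? $_POST['token'] : '';
  // drupal_valid_token() recomputes the token for the current session and the
  // same $value; a token lifted from another user's form, or from a form for a
  // different action, fails here.
  if (!drupal_valid_token($token, 'my-action')) {
    drupal_access_denied();
    drupal_exit();
  }
  // ... perform the state-changing action here ...
  return t('Action performed.');
}
```

If you use the Form API instead of a hand-built form, drupal_build_form() adds and checks this token for you (the form_token field); the manual version is only needed for custom POST endpoints such as service callbacks.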
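The Origin check described above, written out as an added example that is not the services_accept_origin module's code: a stand-alone PHP function that matches the request's Origin against a whitelist and returns the value to echo in Access-Control-Allow-Origin, plus a wrapper that emits the headers. It assumes the whitelist is one origin per line (as the module's explode("\n", ...) suggests); the function names, the header set and the sample origins are constructed for this example.

```php
<?php
// Added example (not services_accept_origin's code). Whitelist format, function
// names and sample inputs are assumptions made for illustration.

// Canonical "scheme://host[:port]" form of an origin, or NULL if the string is
// not a bare origin (Origin headers never carry a path, query or userinfo).
function example_normalise_origin($origin) {
  $parts = parse_url($origin);
  if ($parts === FALSE || !isset($parts['scheme'], $parts['host'])
      || isset($parts['path']) || isset($parts['query']) || isset($parts['user'])) {
    return NULL;
  }
  $scheme = strtolower($parts['scheme']);
  $host = strtolower($parts['host']);
  $port = isset($parts['port']) ? (int) $parts['port'] : NULL;
  // Browsers omit the default port in Origin, so drop it to compare equal.
  if (($scheme === 'https' && $port === 443) || ($scheme === 'http' && $port === 80)) {
    $port = NULL;
  }
  return $scheme . '://' . $host . ($port !== NULL ? ':' . $port : '');
}

// Returns the origin to send in Access-Control-Allow-Origin, or NULL when the
// request gets no cross-origin grant.
function example_allowed_origin($origin, $whitelist_text) {
  // No Origin header: not a CORS request. Never fall back to '*' here.
  if ($origin === NULL || $origin === '') {
    return NULL;
  }
  // Opaque origins (sandboxed iframes, file://, some redirects) arrive as the
  // literal string "null"; whitelisting it would admit any such document.
  if ($origin === 'null') {
    return NULL;
  }
  $wanted = example_normalise_origin($origin);
  if ($wanted === NULL) {
    return NULL;
  }
  foreach (preg_split("/\r?\n/", $whitelist_text) as $line) {
    $line = trim($line);
    if ($line === '' || $line[0] === '#') {
      continue;
    }
    // Exact match only. A substring or prefix test (strpos, an unanchored
    // regex) would also accept https://app.example.com.attacker.net.
    if (example_normalise_origin($line) === $wanted) {
      return $wanted;
    }
  }
  return NULL;
}

function example_send_cors_headers($origin, $whitelist_text) {
  $allowed = example_allowed_origin($origin, $whitelist_text);
  // The response now depends on the Origin header, so tell caches about it;
  // otherwise one origin's Allow-Origin can be served to another.
  header('Vary: Origin');
  if ($allowed !== NULL) {
    header('Access-Control-Allow-Origin: ' . $allowed);
    header('Access-Control-Allow-Credentials: true');
  }
  return $allowed;
}

// Constructed sample input for a CLI run: php this_file.php
$whitelist = "https://app.example.com\nhttps://admin.example.com:8443\n# comment\n";
$cases = array(
  'https://app.example.com',               // listed as-is
  'HTTPS://App.Example.com:443',           // differs only in case and default port
  'https://app.example.com.attacker.net',  // listed host is only a prefix
  'http://app.example.com',                // scheme differs
  'https://app.example.com/path',          // not a bare origin
  'null',                                  // opaque origin
  NULL,                                    // no Origin header sent
);
foreach ($cases as $case) {
  printf("%-42s => %s\n", var_export($case, TRUE),
         var_export(example_allowed_origin($case, $whitelist), TRUE));
}
```

Inside a Drupal 7 module you would replace header() with drupal_add_http_header() and read the whitelist from variable_get(); the matching logic is the part that matters, and it should stay an exact comparison of normalised origins rather than any pattern or substring test.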