Merge pull request #329 from curveball/delete-csrf-before-validation

fix patch on /group/:id
curveball · May 31, 2021 · 7ded866 · 7ded866
2 parents e8a79eb + 9ab6c69
commit 7ded866
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/changelog.md b/changelog.md
@@ -6,7 +6,8 @@ Changelog
 
 * Fix link to schema collection on home document.
 * Add Curl to Docker image as it's a common health check tool.
-*
+* Fix a bug that preventing using `PATCH on /group/:id` in the HAL browser.
+
 
 0.19.3 (2021-05-30)
 -------------------

diff --git a/src/group/controller/item.ts b/src/group/controller/item.ts
@@ -69,6 +69,8 @@ class GroupController extends Controller {
    */
   async patch(ctx: Context) {
 
+    delete (ctx.request.body as any)['csrf-token'];
+
     ctx.request.validate<GroupPatch>('https://curveballjs.org/schemas/a12nserver/group-patch.json');
     const group = await principalService.findById(+ctx.params.id, 'group');