I noticed that overriding the default restful option (false), in routes does not work. Overriding only seems to work when restful is globaly set to true. I think the problem is a short-circuit evaluation in the if statement when branching to validate either by content or by x-csrf-token header:
if (settings.restful === false || (!request.route.settings.plugins._crumb || request.route.settings.plugins._crumb.restful === false)){
I thought this behaviour is not quite what you would expect.
This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.
I noticed that overriding the default restful option (false), in routes does not work. Overriding only seems to work when restful is globaly set to true. I think the problem is a short-circuit evaluation in the if statement when branching to validate either by content or by x-csrf-token header:
if (settings.restful === false || (!request.route.settings.plugins._crumb || request.route.settings.plugins._crumb.restful === false)){
I thought this behaviour is not quite what you would expect.