Some api calls trough API Docs page cause session to log out. Doesn't happen while using the curl command.
Known to cause this:
- Backend create/delete/update
- Field definitions update/delete
In the logs (attached below) for system-provider shows:
Where id is filled AND actually logs out when used trough API Docs page. When using curl the id is missing and doesn't cause log out.
Every endpoint in the API Docs page which returns json and uses different HTTP methods than GET will trigger the destruction of the session.
The easiest fix is to disable the CSRF protection for json requests. However, this is not optimal.
We should fix the communication between the backend and frontend so it won't destroy the user session.