@gabesullice wrote this in #2971562: Refactor/clean-up Routes.php:

Because while they share a common path, the collection path is read-only, does not need the serialization_class route default (to deserialize) nor CSRF protection (a route requirement).

Comments

Wim Leers created an issue. See original summary.

gabesullice’s picture

gabesullice
Primary language English
commented
Version: 8.x-1.x-dev » 8.x-2.x-dev
wim leers’s picture

wim leers
Location Ghent 🇧🇪🇪🇺
commented
Status: Active » Closed (duplicate)

This is already implicitly being implemented by #2973784-13: JSON API should check entity access during routing, not in controller, for the "individual" route — so we can close this as a duplicate :)

wim leers’s picture

wim leers
Location Ghent 🇧🇪🇪🇺
commented
Related issues: +#2973784: JSON API should check entity access during routing, not in controller, for the "individual" route