Which works as expected and uploads the image to the correct location, however anyone who is logged in can upload to any collection. Is there anyway to protect it and allow just the user who owns the collection to complete the action.
Many Thanks
Hi,
Thanks for the reply, how do you attach a policy to the /upload route? I thought it might be the case to create a policy for it, but I could not work out in the files where in fact to put it.
To answer your question, it looks fine to me, try removing /api see if that works. On the version I’m using at least I POST too http://localhost:1337/upload
Thanks
Have you allowed public to use the upload route under users and permissions? If you have just allowed authorised users are sending a correct JWT token? Could also be an issue with moving into the extensions?