Hi!
I have two models, Publications and User. There is an OneToOne relationship between, and when I make a request to /api/publications/1 (for example), I get the publication with the user BUT, the user brings the password to (encrypted)
When I make a request to /api/users/1 in that case the password does not show up
This sounds like a custom controller/service/something that isn’t passing the response from the internal API into our sanitizeEntity function. Can you share your code, or you can refer to some of our examples:
https://strapi.io/documentation/v3.x/concepts/controllers.html#findone
Specifically:
const { sanitizeEntity } = require('strapi-utils');
module.exports = {
/**
* Retrieve a record.
*
* @return {Object}
*/
async findOne(ctx) {
const { id } = ctx.params;
const entity = await strapi.services.restaurant.findOne({ id });
return sanitizeEntity(entity, { model: strapi.models.restaurant }); // <----- This right here
},
};
The above example, this sanitizeEntity function removes that private data from the response and comes from here:
1 Like