Update User via API

System Information
  • Strapi Version: 4.5.1
  • Operating System: MacOS
  • Database: SQlite
  • Node Version: 18.12

This seems to be a wide problem and i found no answer elsewhere:

I have a User with some settings, the API URL (found in the AdminPanel) is: POST /api/auth/localand it is a public route.
The login works fine.

Now i want to update some user settings, via this API: PUT /api/users/:id

I use ThunderClient in VSC with this fetch:

let headersList = {
 "Accept": "application/json",
 "Authorization": "Bearer eyJhbGciOi...",
 "Content-Type": "application/x-www-form-urlencoded"

let bodyContent = "bio=test";
This text will be hidden

let response = await fetch("", { 
  method: "PUT",
  body: bodyContent,
  headers: headersList

It works, i updated the user setting.

I try the same in SvelteKit inside a api.jsonly accessible by the server:

	opts.headers['accept'] = 'application/json'
	opts.headers['Content-Type'] = 'application/json; charset=UTF-8' 
	opts.body = JSON.stringify(data.user)
	opts.headers['Authorization'] = `Bearer ${token}`
    const res = await fetch(url, opts)

if i log the request, it looks like this:

  method: 'PUT',
  headers: {
    accept: 'application/json',
    'Content-Type': 'application/json; charset=UTF-8',
    Authorization: 'Bearer eyJhbGciOiJIUzI1NiIsInR5...'
  body: '{"username":"Peter","email":"peter@peter.de","password":"","image":"none","bio":"test"}'

This throws an error: status 400 and i could not find out why?

This is the full error output:

Response {
  [Symbol(realm)]: null,
  [Symbol(state)]: {
    aborted: false,
    rangeRequested: false,
    timingAllowPassed: true,
    requestIncludesCredentials: true,
    type: 'default',
    status: 400,
    timingInfo: {
      startTime: 10996003.055124998,
      redirectStartTime: 0,
      redirectEndTime: 0,
      postRedirectStartTime: 10996003.055124998,
      finalServiceWorkerStartTime: 0,
      finalNetworkResponseStartTime: 0,
      finalNetworkRequestStartTime: 0,
      endTime: 0,
      encodedBodySize: 233,
      decodedBodySize: 233,
      finalConnectionTimingInfo: null
    cacheState: '',
    statusText: 'Bad Request',
    headersList: HeadersList {
      [Symbol(headers map)]: [Map],
      [Symbol(headers map sorted)]: null
    urlList: [ [URL] ],
    body: { stream: undefined }
  [Symbol(headers)]: HeadersList {
    [Symbol(headers map)]: Map(15) {
      'content-security-policy' => "connect-src 'self' https:;img-src 'self' data: blob: https://dl.airtable.com;media-src 'self' data: blob:;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'",
      'x-dns-prefetch-control' => 'off',
      'expect-ct' => 'max-age=0',
      'x-frame-options' => 'SAMEORIGIN',
      'strict-transport-security' => 'max-age=31536000; includeSubDomains',
      'x-download-options' => 'noopen',
      'x-content-type-options' => 'nosniff',
      'x-permitted-cross-domain-policies' => 'none',
      'referrer-policy' => 'no-referrer',
      'vary' => 'Origin',
      'content-type' => 'application/json; charset=utf-8',
      'content-length' => '233',
      'date' => 'Tue, 29 Nov 2022 13:07:51 GMT',
      'connection' => 'keep-alive',
      'keep-alive' => 'timeout=5'
    [Symbol(headers map sorted)]: null

Can anybody please solve my problem :slight_smile:
Or give me a good hint, what is going wrong?

Thanks a lot Kolja

1 Like

Mhh, okay is there anything wrong with my question or do i try to do something exrtaordinary?

some answer?