POST / PATCH Method result in redirection on root app (/)

[erwanclx]

Hi, i just start build an app with the web kit on Adonis, and i can get to work POST/PATCH endpoints.
If i do this (GET), that's working :

router.get('/test', async ({ response }) => {
    return response.json({ status: 200, message: 'Test success' })
})
/* RESULT
{
  "status": 200,
  "message": "Test success"
}
*/

But if i do this, not. I am redirect to the homepage of inertiaRender :

router.post('/test', async ({ response }) => {
    return response.json({ status: 200, message: 'Test success' })
})
/* RESULT
<!DOCTYPE html>
<html>

<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">

    <title inertia>AdonisJS x Inertia x React</title>
..... 
*/

With the same code in kit API, i don't have the issue. Did I miss something please ?

[erwanclx]

A good night's sleep and the AdonisJS Discord will have given me a new perspective.
My issue, which isn't an issue, came from "Shield", with the CSRF protection. By default in the web kit, it is activated on the following methods: POST, PUT, PATCH, DELETE. However, with a Postman request I didn't include any CSRF tokens...

So I came up with two solutions:

• Disable CSRF on POST / PATCH method by editing the following array in config/shield.ts (a bit radical) :

methods: ['POST', 'PUT', 'PATCH', 'DELETE'],

• Disable protection on some of the endpoints in config/shield.ts (which meets my need).
  For example here, all my endpoints beginning with "api" are exclude from CSRF protection.

csrf: {
    enabled: true,
    exceptRoutes: (ctx) => {
      return ctx.request.url().includes('/api/')
    },
    enableXsrfCookie: true,
    methods: ['POST', 'PUT', 'PATCH', 'DELETE'],
  },

I found this here : https://docs.adonisjs.com/guides/security/securing-ssr-applications#config-reference
I don't know why I needed 5 reads to find this, but at least I found..