hotfix

boutell · boutell · commit 1043813be705 · 2025-11-06T11:17:43.000-05:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
 
+## 4.23.1 (2025-11-06)
+
+### Fixes
+
+* Hotfix: specify the content type when calling back to Astro with JSON to render an area. This is required starting in Astro 4.9.0 and up, otherwise the request is blocked by CSRF protection. This fix allows [section-template-library](https://apostrophecms.com/extensions/section-template-library) previews to work.
+
 ## 4.23.0 (2025-10-30)
 
 ### Adds
diff --git a/modules/@apostrophecms/area/index.js b/modules/@apostrophecms/area/index.js
@@ -376,7 +376,9 @@ module.exports = {
           const response = await fetch(`${self.apos.baseUrl}/api/apos-external-front/render-area`, {
             method: 'POST',
             headers: {
-              'apos-external-front-key': self.apos.externalFrontKey
+              'apos-external-front-key': self.apos.externalFrontKey,
+              // Without this Astro enforces CSRF protection starting in version 4.9.0
+              'content-type': 'application/json'
             },
             body: JSON.stringify({
               area
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "apostrophe",
-  "version": "4.23.0",
+  "version": "4.23.1",
   "description": "The Apostrophe Content Management System.",
   "main": "index.js",
   "scripts": {

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "apostrophe",`
`3`		`- "version": "4.23.0",`
	`3`	`+ "version": "4.23.1",`
`4`	`4`	`"description": "The Apostrophe Content Management System.",`
`5`	`5`	`"main": "index.js",`
`6`	`6`	`"scripts": {`