Kévin Dunglas

Actually, the list of fields is available in the state provider. The main complexity - as you pointed out - is Doctrine, which doesn't support partial objects well. Using a...

Can you paste the error you get and the corresponding entity please? This is probably a specific problem related to how the Symfony Serializer handles datetime objects.

Are you sure that it's not this feature of the serializer? https://symfony.com/doc/current/components/serializer.html#recursive-denormalization-and-type-safety Then https://github.com/symfony/symfony/pull/27136 could help.

Your config should work (you can even use constants in Doctrine annotations if you want). Can you post the exact error you have?

Could you please report this to Caddy? It's very likely a regression. Also, they'll probably ask for a reproducer to debug. Do you know how we can create one?

For the record, this can be tested locally by just running `docker compose up`. Then load `https://localhost` and click on the buttons allowing to access the various API Platform components.

I just tested the patch, and it works! Thanks @francislavoie.

The `push` option isn't related to Vulcain (it's an older feature) and doesn't support authorization. We'll probably remove this option in favor or Vulcain in a future version. To push...

The request made by the browser must exactly match the pushed request (so it must include the Authorization header).

@johnhout I updated your PR, but [according to OWASP](https://owasp.org/www-project-secure-headers/) the `X-XSS-Protection` header is deprecated and should be replaced by a Content Security Policy, and the `Referrer-Policy` should be set. WDYT?