@matigo Indeed. This was code that was written back in 2018, and the client-side "bug" we fixed then surfaced the underlying issue from the backend. We could rewrite the client-side logic to fix the issue for good, but that requires a lot of tweaking here and there, so getting it fixed is not that fast to do.
On a related note, I have been rewriting some app logic not directly related to this issue as a small side project1, and if I would get that rewrite done also for this bit of the app the issue would get fixed for good.
We are using HATEOAS for "security reasons", and the links for the various operations are behind an API controller. That then means that we need to make sure that we call the API controller first before we call the actual operation, and that has been manually managed. I am rewriting this to be automagically managed, meaning that the API controller response is refreshed if the link to the actual operation is missing. This would make the developers' life a lot easier.