diff --git a/services/docstore/app/js/HttpController.js b/services/docstore/app/js/HttpController.js
index 8cb852b4dd..59603ca06a 100644
--- a/services/docstore/app/js/HttpController.js
+++ b/services/docstore/app/js/HttpController.js
@@ -191,7 +191,17 @@ module.exports = HttpController = {
 patchDoc(req, res, next) {
 const { project_id, doc_id } = req.params
 logger.log({ project_id, doc_id }, 'patching doc')
- DocManager.patchDoc(project_id, doc_id, req.body, function (error) {
+
+ const allowedFields = ['deleted', 'deletedAt', 'name']
+ const meta = {}
+ Object.entries(req.body).forEach(([field, value]) => {
+ if (allowedFields.includes(field)) {
+ meta[field] = value
+ } else {
+ logger.fatal({ field }, 'joi validation for pathDoc is broken')
+ }
+ })
+ DocManager.patchDoc(project_id, doc_id, meta, function (error) {
 if (error) {
 return next(error)
 }
diff --git a/services/docstore/test/unit/js/HttpControllerTests.js b/services/docstore/test/unit/js/HttpControllerTests.js
index 16d4c7f584..4fc3651ada 100644
--- a/services/docstore/test/unit/js/HttpControllerTests.js
+++ b/services/docstore/test/unit/js/HttpControllerTests.js
@@ -32,7 +32,8 @@ describe('HttpController', function () {
 './DocArchiveManager': (this.DocArchiveManager = {}),
 'logger-sharelatex': (this.logger = {
 log: sinon.stub(),
- error: sinon.stub()
+ error: sinon.stub(),
+ fatal: sinon.stub()
 }),
 'settings-sharelatex': settings,
 './HealthChecker': {}
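Review bot: The allow-list added to `patchDoc` in HttpController.js filters keys only, so the values of `deleted`, `deletedAt` and `name` still reach `DocManager.patchDoc` with whatever type the client sent. The filter exists for the case where the joi schema has failed, and in that case nothing visible here stops an object-valued `name` or a non-boolean `deleted` from being stored. The handler also carries on and answers as if the request were valid after logging; failing closed with `return res.sendStatus(400)` once an unknown field is seen would make a broken validator visible to callers rather than only in logs. The log text spells the handler `pathDoc`; `'joi validation for patchDoc is broken'` keeps the alert searchable by handler name, and the unit test asserts the same string. The rest of the callback body lies outside the hunk.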
@@ -477,6 +478,30 @@ describe('HttpController', function () {
 it('should return a 204 (No Content)', function () {
 expect(this.res.sendStatus).to.have.been.calledWith(204)
 })
+
+ describe('with an invalid payload', function () {
+ beforeEach(function () {
+ this.req.body = { cannot: 'happen' }
+
+ this.DocManager.patchDoc = sinon.stub().yields(null)
+ this.HttpController.patchDoc(this.req, this.res, this.next)
+ })
+
+ it('should log a message', function () {
+ expect(this.logger.fatal).to.have.been.calledWith(
+ { field: 'cannot' },
+ 'joi validation for pathDoc is broken'
+ )
+ })
+
+ it('should not pass the invalid field along', function () {
+ expect(this.DocManager.patchDoc).to.have.been.calledWith(
+ this.project_id,
+ this.doc_id,
+ {}
+ )
+ })
+ })
 })
 
 describe('archiveAllDocs', function () {
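Review bot: The new `with an invalid payload` case sends a body made up solely of a disallowed field, so nothing shows that an allowed field sent alongside it still reaches `DocManager.patchDoc` while the unknown one is dropped. A second case with a mixed body, for example `this.req.body = { name: 'foo.tex', cannot: 'happen' }` (constructed sample) expecting `{ name: 'foo.tex' }` as the third argument, would pin the filter in both directions. The asserted message repeats the `pathDoc` spelling from the controller, so the two strings have to change together if it is corrected. The enclosing `describe` opens outside this hunk, so an outer `beforeEach` that may also call `patchDoc` is not visible from here.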