From de989cf52a2ad9c0baf0f6d630fd4e51a97099c4 Mon Sep 17 00:00:00 2001
From: Janis Jansons <janhouse@gmail.com>
Date: Mon, 12 May 2025 21:42:16 +0300
Subject: [PATCH] Do not pass content-type to GET/HEAD requests

Fixes issues with WAF in strict mode, since GET requests should not specify content-type header
---
 packages/next-auth/src/lib/client.ts | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/packages/next-auth/src/lib/client.ts b/packages/next-auth/src/lib/client.ts
index 22b0f0cbb2..84145959a5 100644
--- a/packages/next-auth/src/lib/client.ts
+++ b/packages/next-auth/src/lib/client.ts
@@ -146,12 +146,15 @@ export async function fetchData<T = any>(
   try {
     const options: RequestInit = {
       headers: {
-        "Content-Type": "application/json",
         ...(req?.headers?.cookie ? { cookie: req.headers.cookie } : {}),
       },
     }
 
     if (req?.body) {
+      options.headers = {
+        "Content-Type": "application/json",
+        ...options.headers
+      }
       options.body = JSON.stringify(req.body)
       options.method = "POST"
     }