@nauth-toolkit/client 0.1.84 → 0.1.85

package/dist/index.d.mts

@@ -1729,6 +1729,10 @@ declare class NAuthClient {
     private buildUrl;
     /**
      * Build request headers for authentication.
+     *
+     * @param auth - Whether to include authentication headers
+     * @param method - HTTP method (GET, POST, PUT, DELETE, PATCH)
+     * @returns Headers object with auth, CSRF, and device trust headers
      * @private
      */
     private buildHeaders;

package/dist/index.d.ts

@@ -1729,6 +1729,10 @@ declare class NAuthClient {
     private buildUrl;
     /**
      * Build request headers for authentication.
+     *
+     * @param auth - Whether to include authentication headers
+     * @param method - HTTP method (GET, POST, PUT, DELETE, PATCH)
+     * @returns Headers object with auth, CSRF, and device trust headers
      * @private
      */
     private buildHeaders;

package/dist/index.mjs

@@ -1498,13 +1498,19 @@ var NAuthClient = class {
   }
   /**
    * Build request headers for authentication.
+   *
+   * @param auth - Whether to include authentication headers
+   * @param method - HTTP method (GET, POST, PUT, DELETE, PATCH)
+   * @returns Headers object with auth, CSRF, and device trust headers
    * @private
    */
-  async buildHeaders(auth) {
+  async buildHeaders(auth, method = "GET") {
     const headers = {
-      "Content-Type": "application/json",
       ...this.config.headers
     };
+    if (method !== "GET") {
+      headers["Content-Type"] = "application/json";
+    }
     if (auth && this.config.tokenDelivery === "json") {
       const accessToken = (await this.tokenManager.getTokens()).accessToken;
       if (accessToken) {
@@ -1520,7 +1526,8 @@ var NAuthClient = class {
       } catch {
       }
     }
-    if (this.config.tokenDelivery === "cookies" && hasWindow()) {
+    const mutatingMethods = ["POST", "PUT", "PATCH", "DELETE"];
+    if (this.config.tokenDelivery === "cookies" && hasWindow() && mutatingMethods.includes(method)) {
       const csrfToken = this.getCsrfToken();
       if (csrfToken) {
         headers[this.config.csrf.headerName] = csrfToken;
@@ -1543,7 +1550,7 @@ var NAuthClient = class {
    */
   async get(path, auth = false) {
     const url = this.buildUrl(path);
-    const headers = await this.buildHeaders(auth);
+    const headers = await this.buildHeaders(auth, "GET");
     const credentials = this.config.tokenDelivery === "cookies" ? "include" : "omit";
     const response = await this.config.httpAdapter.request({
       method: "GET",
@@ -1559,7 +1566,7 @@ var NAuthClient = class {
    */
   async post(path, body, auth = false) {
     const url = this.buildUrl(path);
-    const headers = await this.buildHeaders(auth);
+    const headers = await this.buildHeaders(auth, "POST");
     const credentials = this.config.tokenDelivery === "cookies" ? "include" : "omit";
     const response = await this.config.httpAdapter.request({
       method: "POST",
@@ -1576,7 +1583,7 @@ var NAuthClient = class {
    */
   async put(path, body, auth = false) {
     const url = this.buildUrl(path);
-    const headers = await this.buildHeaders(auth);
+    const headers = await this.buildHeaders(auth, "PUT");
     const credentials = this.config.tokenDelivery === "cookies" ? "include" : "omit";
     const response = await this.config.httpAdapter.request({
       method: "PUT",
@@ -1593,7 +1600,7 @@ var NAuthClient = class {
    */
   async delete(path, auth = false) {
     const url = this.buildUrl(path);
-    const headers = await this.buildHeaders(auth);
+    const headers = await this.buildHeaders(auth, "DELETE");
     const credentials = this.config.tokenDelivery === "cookies" ? "include" : "omit";
     const response = await this.config.httpAdapter.request({
       method: "DELETE",