Ensure a body and content-length is only sent for POST, PUT and PATCH

[ntoll]

This PR supersedes #5.

We ensure that a body and content-length header are not allowed for GET or DELETE requests (we explicitly only allow this to happen for POST, PUT and PATCH). We also updated the unit tests to take this into account.

This should address the 504 Gateway Timeout errors we were seeing from Auth0.

Related Trello ticket here: https://trello.com/c/I2GozO5D

Created via pairing with @Mohammad-Tari

[xoen]

👌

Still not clear why this would cause a 504, nothing special about an HTTP GET request a part from the semantic of it. AFAIK and from what I've seen around the web (and the references to the RFCs) GET request can have a body. (a notable example is ElasticSearch which make use of it)

But if the Auth0 Authorization API behaviour is to raise a 5xx when a GET request has a body oh well, this is great 🏆

[xoen]

Also (and then I'll stop commenting on this) another puzzling thing is that this was working fine before and then all the sudden stopped working with this weird error so my guess is Auth0 changed something on their end, maybe some of the proxy in the middle was upgraded or something 🤷‍♂️ .