Content-Type header in GET requests

[BlakeWills]

We have recently introduced a WAF that is flagging a lot of signalR requests due to them having the Content-Type header on GET requests.

The majority of issues seem to be coming from the /signalr/negotiate endpoint.

Since these are GET requests that do not have a body, why do they need Content-Type headers?

Expected behavior

GET requests with no body do not have a Content-Type header.

Actual behavior

GET requests with no body have a Content-Type header.

Steps to reproduce

Observe calls to the negotate endpoint via the browser network tab / Fiddler and inspect the request.

I've done some digging into the code and I'm happy to submit a PR that I think will fix this, but I don't know why they are there in the first place. Any insight would be appreciated.

[analogrelay]

I don't believe there's a specific reason we have a Content-Type header on our GET /signalr/negotiate request, so a PR would probably be welcome. @davidfowl and @halter73 might have some history here.

[halter73]

I assume we're talking about the JS client, right?

I pretty sure this was just an oversight made when fixing #947 back in 2013 so that a user's call to $.ajaxSetup won't change the Content-Type of SignalR POST requests that do need to set the header. It looks like the negotiate request got unnecessarily caught up in this change.