From b88b4242ceae863878a35935e6763e216ed160a4 Mon Sep 17 00:00:00 2001
From: Jim O'Donnell <jim@zooniverse.org>
Date: Sun, 19 Feb 2023 03:44:25 +0000
Subject: [PATCH] Add default JSON headers to sign-out requests (#198)

Add the enumerable values of `config.jsonHeaders` to `deleteHeaders`, rather than creating a new, empty object from its prototype.
---
 lib/auth.js  | 6 ++++--
 lib/oauth.js | 6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/lib/auth.js b/lib/auth.js
index e959fea..2a32cbe 100644
--- a/lib/auth.js
+++ b/lib/auth.js
@@ -326,8 +326,10 @@ const authClient = new Model({
         return getCSRFToken(config.host).then(function(token) {
           var url = config.host + '/users/sign_out';
 
-          var deleteHeaders = Object.create(config.jsonHeaders);
-          deleteHeaders['X-CSRF-Token'] = token;
+          var deleteHeaders = {
+            ...config.jsonHeaders,
+            ['X-CSRF-Token']: token
+          };
 
           return makeCredentialHTTPRequest('DELETE', url, null, deleteHeaders)
             .then(function() {
diff --git a/lib/oauth.js b/lib/oauth.js
index b660405..cd1e798 100644
--- a/lib/oauth.js
+++ b/lib/oauth.js
@@ -126,8 +126,10 @@ const authClient = new Model({
         return getCSRFToken(config.oauthHost).then(function(token) {
           var url = config.oauthHost + '/users/sign_out';
 
-          var deleteHeaders = Object.create(config.jsonHeaders);
-          deleteHeaders['X-CSRF-Token'] = token;
+          var deleteHeaders = {
+            ...config.jsonHeaders,
+            ['X-CSRF-Token']: token
+          };
 
           return makeCredentialHTTPRequest('DELETE', url, null, deleteHeaders)
             .then(function() {