avoid Content-Type header when posting an empty body

[BertKoor]

fix #5157

This is done to circumvent CRS rule 920420 of Apache ModSecurity.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 35.43%. Comparing base (e7a9d13) to head (4d5c73e).
Report is 28 commits behind head on main.

Additional details and impacted files

@@             Coverage Diff              @@
##               main    #5158      +/-   ##
============================================
- Coverage     35.53%   35.43%   -0.10%     
- Complexity    11143    11169      +26     
============================================
  Files          1157     1158       +1     
  Lines         47737    47886     +149     
============================================
+ Hits          16961    16967       +6     
- Misses        30776    30919     +143     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[BertKoor]

Oh bugger, apparently I had been looking at the response headers instead of request headers.
As Greg predicted, with null as the default value for the body param the Content-Type header indeed is absent in POST requests.
Fingers crossed that mod_security finds this acceptable as well.