Fix PATCH requests failing when using function-based headers for authentication

[Copilot]

PATCH requests fail with "content-type 'application/ld+json' not supported" when implementing authentication using function-based headers (as shown in the documentation example). The dataProvider sets content-type: application/merge-patch+json for PATCH operations, but this header is lost during authentication header injection.

Root Cause

fetchHydra.ts only handled header merging when headers were NOT a function, leaving function-based headers (type () => HeadersInit) unprocessed:

// Before: only merged headers if NOT a function
if (typeof requestHeaders !== 'function' && options.user && ...) {
  requestHeaders = new Headers(requestHeaders);
  requestHeaders.set('Authorization', options.user.token);
}

Changes

• Always resolve function headers before merging with authentication header
• Convert to Headers object consistently regardless of input type
• Follows the same pattern already used in openapi/dataProvider.ts:16

// After: resolve function headers, then merge
if (typeof requestHeaders === 'function') {
  requestHeaders = requestHeaders();
}
requestHeaders = new Headers(requestHeaders);
if (options.user && options.user.authenticated && options.user.token) {
  requestHeaders.set('Authorization', options.user.token);
}

This preserves critical headers like content-type: application/merge-patch+json while adding authentication headers.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Authentication breaks PATCH requests</issue_title>
<issue_description>API Platform version(s) affected: 4.0.11

Description
Authentication based on the example from docs https://api-platform.com/docs/admin/authentication-support/ leads to the weird side effect - PATCH requests fail with error stating that The content-type "application/ld+json" is not supported. Supported MIME types are "application/merge-patch+json".' Everything else works reasonably good, only PATCH is failing.

How to reproduce
Implement dataProvider accordingly to the docs.
Try to update entity via admin.
</issue_description>

<agent_instructions>Fix this issue</agent_instructions>

Comments on the Issue (you are @copilot in this section)

@slax57 Looking at a similar issue (https://github.com//issues/578) made me wonder if this could be caused by this code:

const getHeaders = () =>
  localStorage.getItem("token")
    ? { Authorization: `Bearer ${localStorage.getItem("token")}` }
    : {};

const fetchHydra = (url, options = {}) =>
  baseFetchHydra(url, {
    ...options,
    headers: getHeaders,
  });

Indeed this seems to override any headers that could be present in options, so it could loose the content-type header in the process.

Can you try to merge the headers instead to see if this solves your issue?

const fetchHydra = (url, options = {}) =>
  baseFetchHydra(url, {
    ...options,
    headers: () => ({ ...options.headers(), ...getHeaders() }),
  });
```</body></comment_new>
</comments>

• Fixes Authentication breaks PATCH requests #590

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[vincentchalamon]

No bug to fix, all done here: api-platform/demo#589