Right now it looks like if a request is missing `content-type` but contains a body, the body is never consumed and instead only the search params are treated as data.

In this case maybe we can either:

1. implicitly read the body as text, and attempt JSON parsing, but ignore any error that may occur (and treat as empty body, continue to read the search params as the data)
2. reject the request with a 400
In the last 7 days it looks like we received ~25k POSTs with a body and no content-type to admin (excluding /hook/github and /hook/slack) so option 2 might be too aggressive.
I'm unsure of how/if those bodies are being handled at the moment, though. Maybe they're quietly being treated as empty bodies and the client is unaware the request is being handled differently than they expect? wdyt @tripodsan?
I think sending a 415 if there is a post body but no content-type is the correct behaviour. But setting the correct accept-post header is then tricky, as it depends on the route.
I'm curious what the actual POST body is of those 25k requests.
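As an added example (not helix-admin's own code), the following handler sketch shows the 415 behaviour proposed above: a body with no usable `content-type` is refused with an `accept-post` header instead of being silently dropped in favour of the search params. The minimal request shape and the per-route accepted-type table are constructed assumptions for this example.

```javascript
// Constructed route -> accepted media types table (assumption, not helix-admin config).
const ACCEPT_POST = {
  '/hook/github': ['application/json'],
  '/hook/slack': ['application/x-www-form-urlencoded', 'application/json'],
};
const DEFAULT_ACCEPT = ['application/json', 'application/x-www-form-urlencoded'];

// req is a minimal request shape assumed for this example:
// { url: string, headers: { 'content-type'?: string }, body: string | null }
function resolveRequestData(req) {
  const url = new URL(req.url);
  const params = Object.fromEntries(url.searchParams);
  const hasBody = typeof req.body === 'string' && req.body.length > 0;

  // No body at all: the search params are the data, as today.
  if (!hasBody) {
    return { status: 200, data: params };
  }

  // Strip parameters such as "; charset=utf-8" and normalise case.
  const rawType = req.headers['content-type'] || '';
  const mediaType = rawType.split(';')[0].trim().toLowerCase();
  const accepted = ACCEPT_POST[url.pathname] || DEFAULT_ACCEPT;

  // Body present but no (or an unsupported) content-type: refuse loudly and
  // tell the client what this route accepts, rather than ignoring the body.
  if (!mediaType || !accepted.includes(mediaType)) {
    return { status: 415, headers: { 'accept-post': accepted.join(', ') } };
  }

  let bodyData;
  if (mediaType === 'application/json') {
    try {
      bodyData = JSON.parse(req.body);
    } catch (e) {
      // Declared JSON but unparsable: a client error, not an empty body.
      return { status: 400, error: 'malformed JSON body' };
    }
  } else {
    bodyData = Object.fromEntries(new URLSearchParams(req.body));
  }

  // Body fields take precedence over query params when both are present.
  return { status: 200, data: { ...params, ...bodyData } };
}
```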
see also https://github.com/adobe/helix-admin/issues/2570