Require only partial of req - headers - in processProtectedHandler (#224)

* Require only partial of req - headers - in processProtectedHandler

* Update .changeset/tough-tips-judge.md

Co-authored-by: Krzysztof Wolski <krzysztof.k.wolski@gmail.com>

---------

Co-authored-by: Krzysztof Wolski <krzysztof.k.wolski@gmail.com>

.changeset/tough-tips-judge.md

@@ -0,0 +1,7 @@
+---
+"@saleor/app-sdk": patch
+---
+
+processProtectedHandler no longer requires a full NextApiRequest object as an argument. Now only the `headers` property is required to satisfy the type safety.
+
+Thanks to that, some requests like HTML <form> with tokens in BODY can be validated. Till now only fetch/ajax calls could have been validated

src/handlers/next/process-protected-handler.ts

@@ -37,7 +37,7 @@ export type ProtectedHandlerContext = {
 };
 
 interface ProcessSaleorProtectedHandlerArgs {
-  req: NextApiRequest;
+  req: Pick<NextApiRequest, "headers">;
   apl: APL;
   requiredPermissions?: Permission[];
 }
@@ -49,6 +49,8 @@ type ProcessAsyncSaleorProtectedHandler = (
 /**
  * Perform security checks on given request and return ProtectedHandlerContext object.
  * In case of validation issues, instance of the ProtectedHandlerError will be thrown.
+ *
+ * Can pass entire next request or Headers with saleorApiUrl and token
  */
 export const processSaleorProtectedHandler: ProcessAsyncSaleorProtectedHandler = async ({
   req,