nextjs-auth0
Middleware should not redirect to auth on any request that is not a GET
Checklist
- [X] The issue can be reproduced in the nextjs-auth0 sample app (or N/A).
- [X] I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
- [X] I have looked into the API documentation and have not found a suitable solution or answer.
- [X] I have searched the issues and have not found a suitable solution or answer.
- [X] I have searched the Auth0 Community forums and have not found a suitable solution or answer.
- [X] I agree to the terms within the Auth0 Code of Conduct.
Description
Currently the SDK middleware contains this logic to determine that it should send a 401 Unauthorized response rather than attempt to redirect to login: https://github.com/auth0/nextjs-auth0/blob/main/src/helpers/with-middleware-auth-required.ts#L116
Its only condition is that the route begins with "/api". However, that does not take into account things like server actions, which normally just send a POST request to the same URL as the current page. As a result, the responses to unauthenticated server action calls are redirects, but since the middleware is attempting to redirect a POST request, the browser ends up sending a POST to /api/auth/login/, resulting in a 405 (Method Not Allowed).
To me the correct behaviour here would be to not redirect and instead respond with 401 any time the incoming request is not a GET.
Reproduction
- Set up auth0 middleware around all routes
- Create a page that calls a server action
- Trigger the action while in an unauthenticated state
- Response is 307 with a redirect to the login page, despite it being a POST request
Additional context
No response
nextjs-auth0 version
3.5.0
Next.js version
14.1.4
Node.js version
20.10.0
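The decision the issue describes, modelled as an added example. This is not the SDK's own implementation: the path-prefix rule and the proposed non-GET rule are taken from the issue text, while the login path `/api/auth/login`, the sample hostname `app.example`, the `returnTo` parameter and the `loginRouteStatus` stub (which only accepts GET, matching the 405 the issue reports for a replayed POST) are assumptions made for illustration.

```typescript
// Added example (not the nextjs-auth0 SDK's code). Models how middleware
// decides between "401 Unauthorized" and "redirect to login" for an
// unauthenticated request, under the current rule (path prefix only) and
// the proposed rule (path prefix OR any non-GET method).

type AuthDecision = "unauthorized" | "redirect";

interface IncomingRequest {
  method: string;
  url: string; // absolute URL, as a Next.js middleware sees it
}

interface OutgoingResponse {
  status: number;
  headers: Record<string, string>;
  body?: string;
}

// Assumption: the SDK's login route lives here (the issue reports the
// replayed POST hitting /api/auth/login/).
const LOGIN_PATH = "/api/auth/login";

// Current behaviour described in the issue: only "/api" routes get a 401;
// the method is not consulted at all.
function decideCurrent(_method: string, pathname: string): AuthDecision {
  return pathname.startsWith("/api") ? "unauthorized" : "redirect";
}

// Proposed behaviour: a redirect to a login page only helps a top-level GET
// navigation. A POST (server action, fetch, form submit) following a 307
// re-sends the POST to the login route, so it should get a 401 instead.
function decideProposed(method: string, pathname: string): AuthDecision {
  if (pathname.startsWith("/api") || method.toUpperCase() !== "GET") {
    return "unauthorized";
  }
  return "redirect";
}

// What the middleware returns once it has established there is no session.
// Session validation itself is out of scope here.
function respondUnauthenticated(
  req: IncomingRequest,
  decide: (method: string, pathname: string) => AuthDecision,
): OutgoingResponse {
  const url = new URL(req.url);
  if (decide(req.method, url.pathname) === "unauthorized") {
    return { status: 401, headers: {}, body: "Unauthorized" };
  }
  // 307 preserves the request method on replay, which is exactly why a
  // redirected POST becomes a POST to the login route.
  const login = new URL(LOGIN_PATH, url.origin);
  login.searchParams.set("returnTo", url.pathname + url.search);
  return { status: 307, headers: { location: login.toString() } };
}

// Hypothetical stand-in for the login route: handles GET only (200 here
// stands for "handled"); any other method is refused with 405.
function loginRouteStatus(method: string): number {
  return method.toUpperCase() === "GET" ? 200 : 405;
}

// Status the client ultimately observes: a direct 401, or the result of the
// browser replaying the original method against the 307's Location.
function observedStatus(
  req: IncomingRequest,
  decide: (method: string, pathname: string) => AuthDecision,
): number {
  const first = respondUnauthenticated(req, decide);
  if (first.status !== 307) return first.status;
  return loginRouteStatus(req.method);
}

// Constructed sample traffic: a page navigation, a server action posted to
// that same page URL (the case from the issue), and two API calls.
const sampleRequests: IncomingRequest[] = [
  { method: "GET", url: "https://app.example/dashboard" },
  { method: "POST", url: "https://app.example/dashboard" },
  { method: "GET", url: "https://app.example/api/profile" },
  { method: "POST", url: "https://app.example/api/orders" },
];

function statusTable(
  decide: (method: string, pathname: string) => AuthDecision,
): Record<string, number> {
  const out: Record<string, number> = {};
  for (const req of sampleRequests) {
    const key = `${req.method} ${new URL(req.url).pathname}`;
    out[key] = observedStatus(req, decide);
  }
  return out;
}

console.log("current rule :", statusTable(decideCurrent));
console.log("proposed rule:", statusTable(decideProposed));
```

Under the current rule the `POST /dashboard` row ends in 405 (the 307 is followed with a POST to the login route); under the proposed rule it ends in 401, while the `GET /dashboard` navigation still redirects and both `/api` calls still get 401.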