hey-api · StratusFearMe21 · May 9, 2026 · May 9, 2026 · May 9, 2026 · May 9, 2026
diff --git a/.changeset/hot-baboons-carry.md b/.changeset/hot-baboons-carry.md
@@ -0,0 +1,5 @@
+---
+"@hey-api/openapi-ts": minor
+---
+
+Fix how headers are handled in @hey-api/client-angular#3860
diff --git a/examples/openapi-ts-angular-common/src/client/client/client.gen.ts b/examples/openapi-ts-angular-common/src/client/client/client.gen.ts
@@ -1,6 +1,6 @@
 // This file is auto-generated by @hey-api/openapi-ts
 
-import type { HttpResponse } from '@angular/common/http';
+import type { HttpHeaders, HttpResponse } from '@angular/common/http';
 import { HttpClient, HttpErrorResponse, HttpEventType, HttpRequest } from '@angular/common/http';
 import {
   assertInInjectionContext,
@@ -87,14 +87,26 @@ export const createClient = (config: Config = {}): Client => {
       opts.headers.delete('Content-Type');
     }
 
+    return opts;
+  };
+
+  const finalizeRequest = <
+    TData = unknown,
+    ThrowOnError extends boolean = false,
+    TResponseStyle extends ResponseStyle = 'fields',
+  >(
+    opts: RequestOptions<TData, TResponseStyle, ThrowOnError> & {
+      headers: HttpHeaders;
+    },
+  ) => {
     const url = buildUrl(opts as Config & RequestOptions);
 
     const req = new HttpRequest<unknown>(opts.method ?? 'GET', url, getValidRequestBody(opts), {
       redirect: 'follow',
       ...opts,
     });
 
-    return { opts, req, url };
+    return { req, url };
   };
 
   const beforeRequest = async <
@@ -105,19 +117,18 @@ export const createClient = (config: Config = {}): Client => {
   >(
     options: RequestOptions<TData, TResponseStyle, ThrowOnError, Url>,
   ) => {
-    const { opts, req, url } = requestOptions(options);
+    const opts = requestOptions(options);
 
     if (opts.security) {
-      await setAuthParams({
-        ...opts,
-        security: opts.security,
-      });
+      await setAuthParams(opts, opts.security);
     }
 
     if (opts.requestValidator) {
       await opts.requestValidator(opts);
     }
 
+    const { req, url } = finalizeRequest(opts);
+
     return { opts, req, url };
   };
 
@@ -239,7 +250,7 @@ export const createClient = (config: Config = {}): Client => {
         throw new Error('Request validation is not supported in requestOptions');
       }
 
-      return requestOptions(options).req;
+      return finalizeRequest(requestOptions(options)).req;
     },
     setConfig,
     sse: {

diff --git a/examples/openapi-ts-angular-common/src/client/client/utils.gen.ts b/examples/openapi-ts-angular-common/src/client/client/utils.gen.ts
@@ -180,12 +180,12 @@ export const getParseAs = (
 };
 
 export const setAuthParams = async (
-  options: Pick<Required<RequestOptions>, 'security'> &
-    Pick<RequestOptions, 'auth' | 'query'> & {
-      headers: HttpHeaders;
-    },
+  options: Pick<RequestOptions, 'auth' | 'query'> & {
+    headers: HttpHeaders;
+  },
+  security: Pick<Required<RequestOptions>, 'security'>['security'],
 ) => {
-  for (const auth of options.security) {
+  for (const auth of security) {
     const token = await getAuthToken(auth, options.auth);
 
     if (!token) {

diff --git a/examples/openapi-ts-angular/src/client/client/client.gen.ts b/examples/openapi-ts-angular/src/client/client/client.gen.ts
@@ -1,6 +1,6 @@
 // This file is auto-generated by @hey-api/openapi-ts
 
-import type { HttpResponse } from '@angular/common/http';
+import type { HttpHeaders, HttpResponse } from '@angular/common/http';
 import { HttpClient, HttpErrorResponse, HttpEventType, HttpRequest } from '@angular/common/http';
 import {
   assertInInjectionContext,
@@ -87,14 +87,26 @@ export const createClient = (config: Config = {}): Client => {
       opts.headers.delete('Content-Type');
     }
 
+    return opts;
+  };
+
+  const finalizeRequest = <
+    TData = unknown,
+    ThrowOnError extends boolean = false,
+    TResponseStyle extends ResponseStyle = 'fields',
+  >(
+    opts: RequestOptions<TData, TResponseStyle, ThrowOnError> & {
+      headers: HttpHeaders;
+    },
+  ) => {
     const url = buildUrl(opts as Config & RequestOptions);
 
     const req = new HttpRequest<unknown>(opts.method ?? 'GET', url, getValidRequestBody(opts), {
       redirect: 'follow',
       ...opts,
     });
 
-    return { opts, req, url };
+    return { req, url };
   };
 
   const beforeRequest = async <
@@ -105,19 +117,18 @@ export const createClient = (config: Config = {}): Client => {
   >(
     options: RequestOptions<TData, TResponseStyle, ThrowOnError, Url>,
   ) => {
-    const { opts, req, url } = requestOptions(options);
+    const opts = requestOptions(options);
 
     if (opts.security) {
-      await setAuthParams({
-        ...opts,
-        security: opts.security,
-      });
+      await setAuthParams(opts, opts.security);
     }
 
     if (opts.requestValidator) {
       await opts.requestValidator(opts);
     }
 
+    const { req, url } = finalizeRequest(opts);
+
     return { opts, req, url };
   };
 
@@ -239,7 +250,7 @@ export const createClient = (config: Config = {}): Client => {
         throw new Error('Request validation is not supported in requestOptions');
       }
 
-      return requestOptions(options).req;
+      return finalizeRequest(requestOptions(options)).req;
     },
     setConfig,
     sse: {

diff --git a/examples/openapi-ts-angular/src/client/client/utils.gen.ts b/examples/openapi-ts-angular/src/client/client/utils.gen.ts
@@ -180,12 +180,12 @@ export const getParseAs = (
 };
 
 export const setAuthParams = async (
-  options: Pick<Required<RequestOptions>, 'security'> &
-    Pick<RequestOptions, 'auth' | 'query'> & {
-      headers: HttpHeaders;
-    },
+  options: Pick<RequestOptions, 'auth' | 'query'> & {
+    headers: HttpHeaders;
+  },
+  security: Pick<Required<RequestOptions>, 'security'>['security'],
 ) => {
-  for (const auth of options.security) {
+  for (const auth of security) {
     const token = await getAuthToken(auth, options.auth);
 
     if (!token) {

diff --git a/examples/openapi-ts-tanstack-angular-query-experimental/src/client/client/client.gen.ts b/examples/openapi-ts-tanstack-angular-query-experimental/src/client/client/client.gen.ts
@@ -1,6 +1,6 @@
 // This file is auto-generated by @hey-api/openapi-ts
 
-import type { HttpResponse } from '@angular/common/http';
+import type { HttpHeaders, HttpResponse } from '@angular/common/http';
 import { HttpClient, HttpErrorResponse, HttpEventType, HttpRequest } from '@angular/common/http';
 import {
   assertInInjectionContext,
@@ -87,14 +87,26 @@ export const createClient = (config: Config = {}): Client => {
       opts.headers.delete('Content-Type');
     }
 
+    return opts;
+  };
+
+  const finalizeRequest = <
+    TData = unknown,
+    ThrowOnError extends boolean = false,
+    TResponseStyle extends ResponseStyle = 'fields',
+  >(
+    opts: RequestOptions<TData, TResponseStyle, ThrowOnError> & {
+      headers: HttpHeaders;
+    },
+  ) => {
     const url = buildUrl(opts as Config & RequestOptions);
 
     const req = new HttpRequest<unknown>(opts.method ?? 'GET', url, getValidRequestBody(opts), {
       redirect: 'follow',
       ...opts,
     });
 
-    return { opts, req, url };
+    return { req, url };
   };
 
   const beforeRequest = async <
@@ -105,19 +117,18 @@ export const createClient = (config: Config = {}): Client => {
   >(
     options: RequestOptions<TData, TResponseStyle, ThrowOnError, Url>,
   ) => {
-    const { opts, req, url } = requestOptions(options);
+    const opts = requestOptions(options);
 
     if (opts.security) {
-      await setAuthParams({
-        ...opts,
-        security: opts.security,
-      });
+      await setAuthParams(opts, opts.security);
     }
 
     if (opts.requestValidator) {
       await opts.requestValidator(opts);
     }
 
+    const { req, url } = finalizeRequest(opts);
+
     return { opts, req, url };
   };
 
@@ -239,7 +250,7 @@ export const createClient = (config: Config = {}): Client => {
         throw new Error('Request validation is not supported in requestOptions');
       }
 
-      return requestOptions(options).req;
+      return finalizeRequest(requestOptions(options)).req;
     },
     setConfig,
     sse: {

diff --git a/examples/openapi-ts-tanstack-angular-query-experimental/src/client/client/utils.gen.ts b/examples/openapi-ts-tanstack-angular-query-experimental/src/client/client/utils.gen.ts
@@ -180,12 +180,12 @@ export const getParseAs = (
 };
 
 export const setAuthParams = async (
-  options: Pick<Required<RequestOptions>, 'security'> &
-    Pick<RequestOptions, 'auth' | 'query'> & {
-      headers: HttpHeaders;
-    },
+  options: Pick<RequestOptions, 'auth' | 'query'> & {
+    headers: HttpHeaders;
+  },
+  security: Pick<Required<RequestOptions>, 'security'>['security'],
 ) => {
-  for (const auth of options.security) {
+  for (const auth of security) {
     const token = await getAuthToken(auth, options.auth);
 
     if (!token) {

diff --git a/.../main/test/__snapshots__/2.0.x/plugins/@angular/common/default-class/client/client.gen.ts b/.../main/test/__snapshots__/2.0.x/plugins/@angular/common/default-class/client/client.gen.ts
@@ -1,6 +1,6 @@
 // This file is auto-generated by @hey-api/openapi-ts
 
-import type { HttpResponse } from '@angular/common/http';
+import type { HttpHeaders, HttpResponse } from '@angular/common/http';
 import { HttpClient, HttpErrorResponse, HttpEventType, HttpRequest } from '@angular/common/http';
 import {
   assertInInjectionContext,
@@ -87,14 +87,26 @@ export const createClient = (config: Config = {}): Client => {
       opts.headers.delete('Content-Type');
     }
 
+    return opts;
+  };
+
+  const finalizeRequest = <
+    TData = unknown,
+    ThrowOnError extends boolean = false,
+    TResponseStyle extends ResponseStyle = 'fields',
+  >(
+    opts: RequestOptions<TData, TResponseStyle, ThrowOnError> & {
+      headers: HttpHeaders;
+    },
+  ) => {
     const url = buildUrl(opts as Config & RequestOptions);
 
     const req = new HttpRequest<unknown>(opts.method ?? 'GET', url, getValidRequestBody(opts), {
       redirect: 'follow',
       ...opts,
     });
 
-    return { opts, req, url };
+    return { req, url };
   };
 
   const beforeRequest = async <
@@ -105,19 +117,18 @@ export const createClient = (config: Config = {}): Client => {
   >(
     options: RequestOptions<TData, TResponseStyle, ThrowOnError, Url>,
   ) => {
-    const { opts, req, url } = requestOptions(options);
+    const opts = requestOptions(options);
 
     if (opts.security) {
-      await setAuthParams({
-        ...opts,
-        security: opts.security,
-      });
+      await setAuthParams(opts, opts.security);
     }
 
     if (opts.requestValidator) {
       await opts.requestValidator(opts);
     }
 
+    const { req, url } = finalizeRequest(opts);
+
     return { opts, req, url };
   };
 
@@ -239,7 +250,7 @@ export const createClient = (config: Config = {}): Client => {
         throw new Error('Request validation is not supported in requestOptions');
       }
 
-      return requestOptions(options).req;
+      return finalizeRequest(requestOptions(options)).req;
     },
     setConfig,
     sse: {

diff --git a/...s/main/test/__snapshots__/2.0.x/plugins/@angular/common/default-class/client/utils.gen.ts b/...s/main/test/__snapshots__/2.0.x/plugins/@angular/common/default-class/client/utils.gen.ts
@@ -183,12 +183,12 @@ export const getParseAs = (
 };
 
 export const setAuthParams = async (
-  options: Pick<Required<RequestOptions>, 'security'> &
-    Pick<RequestOptions, 'auth' | 'query'> & {
-      headers: HttpHeaders;
-    },
+  options: Pick<RequestOptions, 'auth' | 'query'> & {
+    headers: HttpHeaders;
+  },
+  security: Pick<Required<RequestOptions>, 'security'>['security']
 ) => {
-  for (const auth of options.security) {
+  for (const auth of security) {
     const token = await getAuthToken(auth, options.auth);
 
     if (!token) {