wsgidav.response_headers only added to GET/HEAD requests

[SteffenDE]

The custom headers should be included in every response, not only when using GET/HEAD.

wsgidav/wsgidav/request_server.py

Lines 1593 to 1598 in 08768f6

	if "response_headers" in environ["wsgidav.config"]:
	customHeaders = environ["wsgidav.config"]["response_headers"]
	for header, value in customHeaders:
	response_headers.append((header, value))
	res.finalize_headers(environ, response_headers)

Also, res.finalize_headers() should be called.

[mar10]

Can you give a use case? #90 seems to be ok with setting headers on every request. I am not sure if this is always the case and we might need to extend the configuration?

[SteffenDE]

#90 talked about the "Access-Control-Allow-Origin" header. Adding this header to the response_headers configuration currently does not help at all, as for CORS to work (https://developer.mozilla.org/de/docs/Web/HTTP/CORS), the headers must be added to every request. Currently, they are only added to GET and HEAD requests. CORS is actually a little bit more complex, so maybe there should be a middleware for that, but still I think response_headers should be applied to every request.

Trying to do a CORS request from the browser:

response_headers added to GET:

response_headers not added to OPTIONS:

response_headers not added to PUT:

For my use-case I actually tried to achieve setting a cookie from a Directory Controller (verifying basic auth credentials on every request is very expensive using modern password hash algorithms) and some clients support sending cookies instead. I "fixed" this by caching a hash of the username+password combination in memory using a faster hash algorithm (blake2) and storing that hash (and the auth result) for 60 seconds. Therefore, clients that send many requests at once (like macOS Finder when unpacking a ZIP file on a WebDAV drive) does not require hashing the password all the time.

[github-actions]

This issue has been automatically marked as stale because it has not had
recent activity. It will be closed if no further activity occurs.
Thank you for your contributions.

[github-actions]

This issue has been automatically marked as stale because it has not had
recent activity. It will be closed if no further activity occurs.
Thank you for your contributions.

[mar10]

Started a branch: append_custom_headers

[github-actions]

This issue has been automatically marked as stale because it has not had
recent activity. It will be closed if no further activity occurs.
Thank you for your contributions.