Add custom HTTP header support for proxies

[markrosan8]

Description

Adds a "Custom HTTP Header" settings section in the Settings page with two text fields for a header name and value. Values are saved to UserDefaults.standard and read by the SDK's prepareRequestForScheduling: to attach the header to every outgoing request.

Companion PR: opencloud-eu/ios-sdk#6

Related Issue

Resolves https://github.com/orgs/opencloud-eu/discussions/2557

Motivation and Context

Users running OpenCloud behind reverse proxies sometimes need a custom HTTP header on all requests for routing or authentication gating. The iOS app currently has no way to attach custom headers, which can prevent the app from working in these deployments.

How Has This Been Tested?

Built and tested on iOS sim. Verified via Traefik access logs that the custom header appears on all outgoing requests. Verified that leaving the fields empty results in no change to existing behavior.

Screenshots (if appropriate):

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

• My code follows the code style of this project.
• My change requires a change to the documentation.
• Added an issue with details about all relevant changes in the docs repository.
• I have added tests to cover my changes.
• All new and existing tests passed.
• I have set a pull request label and a meaningful title for changelog automation

[markrosan8]

If this is approved, I can submit similar PRs for the other clients as necessary.

[markrosan8]

@kulmann @guruz Hello, any updates on this?

[guruz]

Thank you for the PR. I have no opinion on this yet (and of course we could merge it if the code is OK) but I'd want to know what others think (that have more clue than me) about the general idea of having https://github.com/orgs/opencloud-eu/discussions/2557 .
@micbar @butonic @rhafer ?

[guruz]

By the way, in theory this should be a property of the account (since it's a multi account app) and not a global app setting!

Hmmmm. But that's harder to integrate UI wise.

@micbar @butonic @rhafer Can't this also be something the IDP tells the app?

[markrosan8]

@guruz thanks for taking a look. You’re right in theory this should be account level, and I did in fact consider that when writing. But it would have been more complex, for what I saw to be minimal benefit. I assume the number of people using edge auth on two accounts simultaneously is very low (probably the number of people using two opencloud accounts itself is low).

And either way, no one is able to use edge auth with iOS currently. So it’s not a regression in my view. But, let me know your thoughts.

[markrosan8]

It would be useful to note this restriction in the footer, if we choose to implement.

[guruz]

I have an idea for an UI that would help both you and @paolostivanin .. I'll post it to https://github.com/orgs/opencloud-eu/discussions/2557 tomorrow.

[m8426]

What's going on with this PR? Will it be merged soon?

Our instance is using an auth proxy, so clients are not usable right now. This custom header implementation would work perfectly for us.

[edernunez61]

@m8426 I'm curious what software you are using? I am on CF Access, and I'm looking into ways around this issue while being able to use the iOS app. Only thing I can think of is a user agent bypass, I'm wondering if there's any other way to sneak in a secret somehow

[m8426]

yeah i did think of that, but we've just left it as is for now

@tbsbdr @micbar @guruz @markrosan8 any idea what's going on with this pr? it looks very simple. im happy to help contribute to finish what's needed. let's push it through.

[micbar]

@m8426 @guruz

I think this is is a good feature.

To get this merged, we should have good automatic test coverage to prevent regressions in the future.

[markrosan8]

@m8426 I think someone will have to take this and the mTLS stuff over, I'm not so interested in finishing it off anymore. Working with this team has been a pain. Supposedly they have a 10+ member team, but its taken months to get a response to the PR, and I still have no requirements for mergeability. How do you work with a month long delay between each response?

I used the user agent bypass proposed by @edernunez61 , but I've just stopped using the ios app entirely now.

Hope someone can get it done. Thanks.

[micbar]

@markrosan8

Most of the people here in iOS are community. We are thinking of giving more people write access.

[guruz]

I think this is is a good feature.
To get this merged, we should have good automatic test coverage to prevent regressions in the future.

I agree it makes sense to have this, BUT: This PR is still not multi-account, while the client(s) are multi account. It does not make sense to send the same headers if you have multiple accounts configured. (Can even be a security risk if you accidently expose them to a second account)

(One) idea to make this work was the discussion in https://github.com/orgs/opencloud-eu/discussions/2557#discussioncomment-16681031 .. Better ideas are welcome.

In general, need to consider those things:

• Multi account support (both for using the setting and for storing it)
• Set before first connect(account add)
• Changeable after account was created (e.g. after some months even)

Only hack to get around this that I could imagine: Expose the setting like it is, BUT hide and disable it if (numberOfAccountsInApp>1).
But that could lead to confusion when people add second account. And to settings migration work if we ever support it for multiple accounts.

See also opencloud-eu/android#116 CC @paolostivanin

[guruz]

(One) idea to make this work was the discussion in https://github.com/orgs/opencloud-eu/discussions/2557#discussioncomment-16681031 .. Better ideas are welcome.

I'll try to vibe coding something here based on @markrosan8 's PR here. I'll report back..