feat: Add support for custom headers

[Anush008]

All Submissions:

• Contributions should target the dev branch. Did you create your branch from dev?
• Have you followed the guidelines in our Contributing document?
• Have you checked to ensure there aren't other open Pull Requests for the same update/change?

New Feature Submissions:

1. Does your submission pass tests?
2. Have you installed pre-commit with pip3 install pre-commit and set up hooks with pre-commit install?

[netlify]

✅ Deploy Preview for poetic-froyo-8baba7 ready!

Name	Link
🔨 Latest commit	30f11a1
🔍 Latest deploy log	https://app.netlify.com/projects/poetic-froyo-8baba7/deploys/69b42300482fa700071e4904
😎 Deploy Preview	https://deploy-preview-1162--poetic-froyo-8baba7.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 3b245478-b60c-4789-859f-4ca500047411

📥 Commits

Reviewing files that changed from the base of the PR and between a95a529 and 93ce357.

📒 Files selected for processing (2)

• qdrant_client/async_qdrant_remote.py
• qdrant_client/qdrant_remote.py

🚧 Files skipped from review as they are similar to previous changes (2)

• qdrant_client/qdrant_remote.py
• qdrant_client/async_qdrant_remote.py

---

📝 Walkthrough

Walkthrough

Adds an optional headers: dict[str, str] | None parameter to constructors of QdrantClient, AsyncQdrantClient, QdrantRemote, and AsyncQdrantRemote. Provided headers are merged into REST headers and appended to gRPC metadata during initialization. The change forwards headers through client construction, computes and enforces a builtin User-Agent, and emits warnings if provided api-key, User-Agent, or grpc.primary_user_agent values would be overridden.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The pull request title 'feat: Add support for custom headers' clearly and concisely summarizes the main change in the changeset, which adds a headers parameter across multiple client classes.
Description check	✅ Passed	The pull request description is a standard submission checklist that confirms the contributor has followed guidelines, created tests, and set up pre-commit hooks, all related to the feature submission.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch custom-headers

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

qdrant_client/async_qdrant_client.py (1)

107-112: headers will be stored in init_options (consistent with existing sensitive params).

Custom headers (which may contain sensitive values like authentication tokens) are captured in _init_options and exposed via the public init_options property. This is consistent with how api_key and auth_token_provider are already handled.

No change is required, but users should be aware that init_options may contain sensitive data and should not be logged or serialized without redaction.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@qdrant_client/async_qdrant_client.py` around lines 107 - 112, The constructor
currently stores the incoming headers parameter in self._init_options which is
exposed via the public init_options property, so sensitive header values (e.g.,
auth tokens) can leak if init_options is logged or serialized; either avoid
exposing raw headers by removing or redacting the "headers" key from
self._init_options before assignment or implement redaction in the init_options
property getter (reference symbols: the constructor that populates
_init_options, the _init_options dict itself, and the public init_options
property) and ensure any logging or serialization paths use the redacted form.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@qdrant_client/async_qdrant_remote.py`:
- Around line 120-123: The headers merge currently applies user-provided headers
before the client sets "api-key" and "User-Agent", which silently overwrites
user values; update the merging logic in the async_qdrant_remote constructor
(the block that writes to self._rest_headers and self._grpc_headers) to
explicitly handle reserved keys: define a reserved set containing "api-key" and
"User-Agent" and either (A) prevent overrides by checking headers for any
reserved keys and raising a clear ValueError if present, or (B) allow overrides
by applying user headers after the client sets its defaults (i.e., set defaults
first then merge headers), and add matching behavior to the synchronous
implementation; also update the parameter docstring to state the chosen behavior
for reserved headers.

---

Nitpick comments:
In `@qdrant_client/async_qdrant_client.py`:
- Around line 107-112: The constructor currently stores the incoming headers
parameter in self._init_options which is exposed via the public init_options
property, so sensitive header values (e.g., auth tokens) can leak if
init_options is logged or serialized; either avoid exposing raw headers by
removing or redacting the "headers" key from self._init_options before
assignment or implement redaction in the init_options property getter (reference
symbols: the constructor that populates _init_options, the _init_options dict
itself, and the public init_options property) and ensure any logging or
serialization paths use the redacted form.

---

ℹ️ Review info

Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 2406679c-962f-42c5-a86a-fa49c0f32aa0

📥 Commits

Reviewing files that changed from the base of the PR and between 63f6954 and a95a529.

📒 Files selected for processing (4)

• qdrant_client/async_qdrant_client.py
• qdrant_client/async_qdrant_remote.py
• qdrant_client/qdrant_client.py
• qdrant_client/qdrant_remote.py

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

# Find and examine both async and sync implementations of QdrantRemote
fd -t py ".*qdrant_remote" | head -20

Repository: qdrant/qdrant-client

Length of output: 233

---

🏁 Script executed:

# Search for header handling patterns in both files
rg -n "headers" --type=py -B 3 -A 3 qdrant_client/async_qdrant_remote.py qdrant_client/qdrant_remote.py

Repository: qdrant/qdrant-client

Length of output: 10040

---

🏁 Script executed:

# Get more context around lines 120-123 in the async file
cat -n qdrant_client/async_qdrant_remote.py | sed -n '110,140p'

Repository: qdrant/qdrant-client

Length of output: 1924

---

🏁 Script executed:

# Also check the sync version structure
cat -n qdrant_client/qdrant_remote.py | sed -n '110,140p'

Repository: qdrant/qdrant-client

Length of output: 1719

---

Document or reconsider the immutability of api-key and User-Agent headers.

Custom headers provided via the headers parameter are merged before api-key (line 131) and User-Agent (line 136) are set. If a user supplies these keys, they will be silently overwritten. This same pattern exists in the synchronous version, suggesting it is intentional to prevent users from breaking authentication or client identification.

If preventing user override is the intended behavior (to maintain critical functionality), add explicit documentation to the parameter description. If users should be able to customize these values, either apply custom headers last or raise an error if users attempt to override reserved keys.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@qdrant_client/async_qdrant_remote.py` around lines 120 - 123, The headers
merge currently applies user-provided headers before the client sets "api-key"
and "User-Agent", which silently overwrites user values; update the merging
logic in the async_qdrant_remote constructor (the block that writes to
self._rest_headers and self._grpc_headers) to explicitly handle reserved keys:
define a reserved set containing "api-key" and "User-Agent" and either (A)
prevent overrides by checking headers for any reserved keys and raising a clear
ValueError if present, or (B) allow overrides by applying user headers after the
client sets its defaults (i.e., set defaults first then merge headers), and add
matching behavior to the synchronous implementation; also update the parameter
docstring to state the chosen behavior for reserved headers.

[joein]

@Anush008 I actually agree with the coderabbit points, I think we might address those
I can do it if you'd like me to

[coderabbitai]

Seems like the humans are having a chat. I'll hop back into my burrow for now. If you need me again, just tag @coderabbitai in a new comment, and I'll come hopping out!

[Anush008]

Thanks @joein.