Expose X-VGI-Content-Encoding in CORS headers (v0.6.3)

rustyconover · claude · rustyconover · commit f6dd979d460b · 2026-03-25T20:42:47.000-04:00
Add X-VGI-Content-Encoding to the always-exposed CORS response headers
so browser clients can detect zstd-compressed responses cross-origin.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "vgi-rpc"
-version = "0.6.2"
+version = "0.6.3"
 description = "Vector Gateway Interface - RPC framework based on Apache Arrow"
 readme = "README.md"
 requires-python = ">=3.13"
diff --git a/tests/test_http.py b/tests/test_http.py
@@ -1114,15 +1114,16 @@ def test_cors_specific_origin(self) -> None:
         resp = tc.simulate_options("/add", headers={"Origin": "http://example.com"})
         assert resp.headers.get("access-control-allow-origin") == "http://example.com"
 
-    def test_cors_exposes_www_authenticate_and_request_id(self) -> None:
-        """CORS always exposes WWW-Authenticate and X-Request-ID headers."""
+    def test_cors_exposes_standard_headers(self) -> None:
+        """CORS always exposes WWW-Authenticate, X-Request-ID, and X-VGI-Content-Encoding."""
         server = RpcServer(RpcFixtureService, RpcFixtureServiceImpl())
         app = make_wsgi_app(server, signing_key=b"test", cors_origins="*")
         tc = falcon.testing.TestClient(app)
         resp = tc.simulate_options("/add", headers={"Origin": "http://example.com"})
         expose = resp.headers.get("access-control-expose-headers", "")
         assert "WWW-Authenticate" in expose
         assert "X-Request-ID" in expose
+        assert "X-VGI-Content-Encoding" in expose
 
     def test_no_cors_by_default(self) -> None:
         """Without cors_origins, no CORS headers are added."""
diff --git a/uv.lock b/uv.lock
diff --git a/vgi_rpc/http/_server.py b/vgi_rpc/http/_server.py
@@ -2134,7 +2134,7 @@ def make_wsgi_app(
 
     # Always expose auth and request-id headers; capability headers are
     # appended conditionally below.
-    cors_expose: list[str] = ["WWW-Authenticate", _REQUEST_ID_HEADER]
+    cors_expose: list[str] = ["WWW-Authenticate", _REQUEST_ID_HEADER, "X-VGI-Content-Encoding"]
 
     # Build capability headers
     capability_headers: dict[str, str] = {}
