Allow passing custom headers to HfApi

[Wauplin]

cc @rafaelpierrehf @philschmid I'll document + add tests for it later but the current implementation should be good as it is now. Here is a short example on how it can be used to authenticate via cookies:

from pathlib import Path
from huggingface_hub import HfApi

HF_COOKIE = "token=XATmoNot...;"
api = HfApi(headers={"Cookie": HF_COOKIE}, token=False)

# Create repo
repo_url = api.create_repo("test_with_cookie")

# Upload file 
api.upload_file(repo_id=repo_url.repo_id, path_in_repo="file.txt", path_or_fileobj=b"content")

# Download file
path = api.hf_hub_download(repo_id=repo_url.repo_id, filename="file.txt")
print(Path(path).read_text())
# 'content'

Which resulted in https://huggingface.co/Wauplin/test_with_cookie.

EDIT: failing tests are mostly due to warnings.

[HuggingFaceDocBuilderDev]

The docs for this PR live here. All of your documentation changes will be reflected on that endpoint. The docs are available until 30 days after the last update.

[LysandreJik]

LGTM! Thanks for the changes.

[LysandreJik]

Should the token be generally expected in the headers in that case, rather than put as a kwarg? Or is it a public-facing function and we can't change the API maybe

[Wauplin]

Yes I removed token whenever possible but this one is not a private method so just in case I did not remove token from the params.

[Wauplin]

(though it's not a documented / promoted method)

[Wauplin]

Thanks for the review @LysandreJik! I'll merge it as it is

[albertvillanova]

Hi @Wauplin, we would like to know if we should update our code to use headers instead of token.

CC: @severo

[Wauplin]

we would like to know if we should update our code to use headers instead of token.

No, using tokens is the recommended way of handling authentication.
Passing headers can be more flexible but has very limited use cases so not something we want to promote.