[Bug]: HEAD requests for DAV folder downloads with ?accept=zip trigger "headers already sent" warnings

[equillibrium]

⚠️ This issue respects the following points: ⚠️

• This is a bug, not a question or a configuration/webserver/proxy issue.
• This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
• Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
• I agree to follow Nextcloud's Code of Conduct.

Bug description

HEAD requests for DAV folder downloads with ?accept=zip trigger PHP warnings about headers already being sent.

Observed warning:

Cannot modify header information - headers already sent by (output started at /.../3rdparty/deepdiver/zipstreamer/src/ZipStreamer.php:325) at /.../3rdparty/sabre/http/lib/Sapi.php#64

Also seen with #68 and #70.

This seems specific to HEAD requests for folder archive downloads over DAV.

Steps to reproduce

1. Request a folder over DAV as archive with ?accept=zip
2. Use HEAD instead of GET
3. Check nextcloud.log

Example shape:

HEAD /remote.php/dav/files/<user>/<folder>/?accept=zip

Expected behavior

HEAD should not stream archive body data and should not produce PHP warnings.

Nextcloud Server version

32

Operating system

RHEL/CentOS

PHP engine version

PHP 8.2

Web server

Nginx

Database engine version

PostgreSQL

Is this bug present after an update or on a fresh install?

Upgraded to a MAJOR version (ex. 31 to 32)

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

• Default user-backend (database)
• LDAP/ Active Directory
• SSO - SAML
• Other

Configuration report

{
    "version": "32.0.6.2",
    "log_type": "file",
    "loglevel": 2,
    "overwriteprotocol": "https"
  }

List of activated Apps

Nextcloud Signing status

Nextcloud Logs

{
    "level": 2,
    "app": "PHP",
    "method": "HEAD",
    "url": "/remote.php/dav/files/<user>/<folder>/?accept=zip",
    "message": "Cannot modify header information - headers already sent by (output started at /mnt/ncdata/nextcloud/3rdparty/deepdiver/zipstreamer/src/ZipStreamer.php:325) at /mnt/ncdata/nextcloud/3rdparty/sabre/http/lib/Sapi.php#64",
    "version": "32.0.6.2"
  }

Additional info

Relevant code path on the affected instance:

• apps/dav/lib/Connector/Sabre/ZipFolderPlugin.php:172-173
  • creates new Streamer(...)
  • calls $streamer->sendHeaders(...)
• lib/private/Streamer.php
  • delegates to ZipStreamer
• 3rdparty/deepdiver/zipstreamer/src/ZipStreamer.php
  • writes directly to output stream
• 3rdparty/sabre/http/lib/Sapi.php
  • later calls header(...)

This suggests HEAD handling for DAV zip downloads is incomplete or inconsistent with the streaming response path.