Be notified of new releases
Create your free GitHub account today to subscribe to this repository for new releases and build software alongside 40 million developers.Sign up
- Removed Python 2.7 support (Python 3.6+ is now required).
--offlineto allow building an HTTP request and printing it but not actually sending it over the network.
- Replaced the old collect-all-then-process handling of HTTP communication with one-by-one processing of each HTTP request or response as they become available. This means that you can see headers immediately, see what is being sent even if the request fails, etc.
- Removed automatic config file creation to avoid concurrency issues.
- Removed the default 30-second connection
- Removed Python’s default limit of 100 response headers.
--max-headersto allow setting the max header limit.
--compress to allow request body compression.
--ignore-netrcto allow bypassing credentials from
httpsalias command with
https://as the default scheme.
- Added type annotations throughout the codebase.
tests/to the PyPi package for the convenience of downstream package maintainers.
- Fixed an error when
stdinwas a closed fd.
Fixed CVE-2019-10751 — the way the output filename is generated for
--download requests without
--output resulting in a redirect has been changed to only consider the initial URL as the base for the generated filename, and not the final one. This fixes a potential security issue under the following scenario:
--downloadrequest with no explicit
--outputis made (e.g.,
$ http -d example.org/file.txt), instructing HTTPie to generate the output filename from the
Content-Dispositionresponse header, or from the URL if the header is not provided.
- The server handling the request has been modified by an attacker and instead of the expected response the URL returns a redirect to another URL, e.g.,
attacker.example.org/.bash_profile, whose response does not provide a
Content-Dispositionheader (i.e., the base for the generated filename becomes
- Your current directory doesn’t already contain
.bash_profile(i.e., no unique suffix is added to the generated filename).
- You don’t notice the potentially unexpected output filename as reported by HTTPie in the console output (e.g.,
Downloading 100.00 B to ".bash_profile").
--style=autowhich follows the terminal ANSI color styles.
- Added support for selecting TLS 1.3 via
(available once implemented in upstream libraries).
falseas valid values for
(in addition to
no) and the boolean value is case-insensitive.
- Changed the default
auto(on Windows it stays
- Fixed default headers being incorrectly case-sensitive.
- Removed Python 2.6 support.
- Extended auth plugin API.
- Added exit status code
7for plugin errors.
- Added support for
curses-less Python installations.
REQUEST_ITEMarg incorrectly being reported as required.
- Added the standard exit status code
130for keyboard interrupts.
- Added Python 3 as a dependency for Homebrew installations
to ensure some of the newer HTTP features work out of the box
for macOS users (starting with HTTPie 0.9.4.).
- Added the ability to unset a request header with
Header:, and send an
empty value with
--default-scheme <URL_SCHEME>to enable things like
$ alias https='http --default-scheme=https.
-Ias a shortcut for
- Added fish shell completion (located in
in the Github repo).
requeststo 2.10.0 so that SOCKS support can be added via
pip install requests[socks].
- Changed the default JSON
- Changed the pre-processing of request HTTP headers so that any leading
and trailing whitespace is removed.
Content-Typeof files uploaded in
--ssl=<PROTOCOL>to specify the desired SSL/TLS protocol version
to use for HTTPS requests.
- Added JSON detection with
--json, -jto work around incorrect
--allto show intermediate responses such as redirects (with
--history-print, -P WHATto specify formatting of intermediate responses
-Aas short name for
-Fas short name for
- Removed the
stdoutdoesn't trigger an error anymore when
- Changed the default
solarizedfor better support
of light and dark terminals
--sessionwhen used with
--downloadto trim too long filenames before saving the file
- Fixed the handling of
- Removed the XML formatter as the implementation suffered from multiple issues