Skip to content

@jakubroztocil jakubroztocil released this Jan 12, 2020 · 5 commits to master since this release

  • Removed Python 2.7 support (Python 3.6+ is now required).
  • Added --offline to allow building an HTTP request and printing it but not actually sending it over the network.
  • Replaced the old collect-all-then-process handling of HTTP communication with one-by-one processing of each HTTP request or response as they become available. This means that you can see headers immediately, see what is being sent even if the request fails, etc.
  • Removed automatic config file creation to avoid concurrency issues.
  • Removed the default 30-second connection --timeout limit.
  • Removed Python’s default limit of 100 response headers.
  • Added --max-headers to allow setting the max header limit.
  • Added --compress to allow request body compression.
  • Added --ignore-netrc to allow bypassing credentials from .netrc.
  • Added https alias command with https:// as the default scheme.
  • Added $ALL_PROXY documentation.
  • Added type annotations throughout the codebase.
  • Added tests/ to the PyPi package for the convenience of downstream package maintainers.
  • Fixed an error when stdin was a closed fd.
  • Improved --debug output formatting.
Assets 2

@jakubroztocil jakubroztocil released this Aug 26, 2019 · 129 commits to master since this release

Fixed CVE-2019-10751 — the way the output filename is generated for --download requests without --output resulting in a redirect has been changed to only consider the initial URL as the base for the generated filename, and not the final one. This fixes a potential security issue under the following scenario:

  1. A --download request with no explicit --output is made (e.g., $ http -d example.org/file.txt), instructing HTTPie to generate the output filename from the Content-Disposition response header, or from the URL if the header is not provided.
  2. The server handling the request has been modified by an attacker and instead of the expected response the URL returns a redirect to another URL, e.g., attacker.example.org/.bash_profile, whose response does not provide a Content-Disposition header (i.e., the base for the generated filename becomes .bash_profile instead of file.txt).
  3. Your current directory doesn’t already contain .bash_profile (i.e., no unique suffix is added to the generated filename).
  4. You don’t notice the potentially unexpected output filename as reported by HTTPie in the console output (e.g., Downloading 100.00 B to ".bash_profile").
Assets 2

@jakubroztocil jakubroztocil released this Nov 14, 2018 · 144 commits to master since this release

  • Fixed tests for installation with pyOpenSSL.
Assets 2

@jakubroztocil jakubroztocil released this Nov 14, 2018 · 148 commits to master since this release

  • Removed external URL calls from tests.
Assets 2
  • 1.0.0
  • 2e96d7f
  • Compare
    Choose a tag to compare
    Search for a tag
  • 1.0.0
  • 2e96d7f
  • Compare
    Choose a tag to compare
    Search for a tag

@jakubroztocil jakubroztocil released this Nov 2, 2018 · 153 commits to master since this release

  • Added --style=auto which follows the terminal ANSI color styles.
  • Added support for selecting TLS 1.3 via --ssl=tls1.3
    (available once implemented in upstream libraries).
  • Added true/false as valid values for --verify
    (in addition to yes/no) and the boolean value is case-insensitive.
  • Changed the default --style from solarized to auto (on Windows it stays fruity).
  • Fixed default headers being incorrectly case-sensitive.
  • Removed Python 2.6 support.
Assets 2

@jakubroztocil jakubroztocil released this Jul 22, 2018 · 249 commits to master since this release

  • Only README changes.
Assets 2

@jakubroztocil jakubroztocil released this Dec 8, 2016 · 254 commits to master since this release

  • Extended auth plugin API.
  • Added exit status code 7 for plugin errors.
  • Added support for curses-less Python installations.
  • Fixed REQUEST_ITEM arg incorrectly being reported as required.
  • Improved CTRL-C interrupt handling.
  • Added the standard exit status code 130 for keyboard interrupts.
Assets 2
Dec 8, 2016

@jakubroztocil jakubroztocil released this Aug 13, 2016 · 298 commits to master since this release

  • Added Python 3 as a dependency for Homebrew installations
    to ensure some of the newer HTTP features work out of the box
    for macOS users (starting with HTTPie 0.9.4.).
  • Added the ability to unset a request header with Header:, and send an
    empty value with Header;.
  • Added --default-scheme <URL_SCHEME> to enable things like
    $ alias https='http --default-scheme=https.
  • Added -I as a shortcut for --ignore-stdin.
  • Added fish shell completion (located in extras/httpie-completion.fish
    in the Github repo).
  • Updated requests to 2.10.0 so that SOCKS support can be added via
    pip install requests[socks].
  • Changed the default JSON Accept header from application/json
    to application/json, */*.
  • Changed the pre-processing of request HTTP headers so that any leading
    and trailing whitespace is removed.
Assets 2

@jakubroztocil jakubroztocil released this Jul 1, 2016 · 334 commits to master since this release

  • Added Content-Type of files uploaded in multipart/form-data requests
  • Added --ssl=<PROTOCOL> to specify the desired SSL/TLS protocol version
    to use for HTTPS requests.
  • Added JSON detection with --json, -j to work around incorrect
    Content-Type
  • Added --all to show intermediate responses such as redirects (with --follow)
  • Added --history-print, -P WHAT to specify formatting of intermediate responses
  • Added --max-redirects=N (default 30)
  • Added -A as short name for --auth-type
  • Added -F as short name for --follow
  • Removed the implicit_content_type config option
    (use "default_options": ["--form"] instead)
  • Redirected stdout doesn't trigger an error anymore when --output FILE
    is set
  • Changed the default --style back to solarized for better support
    of light and dark terminals
  • Improved --debug output
  • Fixed --session when used with --download
  • Fixed --download to trim too long filenames before saving the file
  • Fixed the handling of Content-Type with multiple +subtype parts
  • Removed the XML formatter as the implementation suffered from multiple issues
Assets 2
You can’t perform that action at this time.