This document records all notable changes to HTTPie. This project adheres to Semantic Versioning.
4.0.0 (unreleased)
- Switched from the
requests
library to the compatibleniquests
. (#1531) - Added support for HTTP/2, and HTTP/3 protocols. (#523, #692, #1531)
- Added support for early (informational) responses. (#752) (#1531)
- Added support for IPv4/IPv6 enforcement with
-6
and-4
. (#94, #1531) - Added support for Happy Eyeballs algorithm via
--heb
flag (disabled by default). #1599 #1531 - Added support for alternative DNS resolvers via
--resolver
. DNS over HTTPS, DNS over TLS, DNS over QUIC, and DNS over UDP are accepted. (#99, #1531) - Added support for binding to a specific network adapter with
--interface
. (#1422, #1531) - Added support for specifying the local port with
--local-port
. (#1456, #1531) - Added request metadata for the TLS certificate, negotiated version with cipher, the revocation status and the remote peer IP address. (#1495, #1023, #826, #1531)
- Added support to load the operating system trust store for the peer certificate validation. (#480, #1531)
- Added support for using the system trust store to retrieve root CAs for verifying TLS certificates. (#1531)
- Added detailed timings in response metadata with DNS resolution, established, TLS handshake, and request sending delays. (#1023, #1531)
- Added automated resolution of hosts ending with
.localhost
to the default loopback address. (#1458, #1527) - Fixed the case when multiple headers where concatenated in the response output. (#1413, #1531)
- Fixed an edge case where HTTPie could be lead to believe data was passed in stdin, thus sending a POST by default. (#1551, #1531) This fix has the particularity to consider 0 byte long stdin buffer as absent stdin. Empty stdin buffer will be ignored.
- Improved performance while downloading by setting chunk size to
-1
to retrieve packets as they arrive. (#1531) - Fixed multipart form data having filename not rfc2231 compliant when name contain non-ascii characters. (#1401)
- Fixed issue where the configuration directory was not created at runtime that made the update fetcher run everytime. (#1527)
- Fixed cookie persistence in HTTPie session when targeting localhost. They were dropped due to the standard library. (#1527)
- Fixed downloader when trying to fetch compressed content. The process will no longer exit with the "Incomplete download" error. (#1554, #423, #1527)
- Fixed downloader yielding an incorrect speed when the remote is using
Content-Encoding
aka. compressed body. (#1554, #423, #1527) - Removed support for preserving the original casing of HTTP headers. This comes as a constraint of newer protocols, namely HTTP/2+ that normalize header keys by default. From the HTTPie user perspective, they are "prettified" in the output by default. e.g.
x-hello-world
is displayed asX-Hello-World
. - Removed support for
pyopenssl
. (#1531) - Removed support for dead SSL protocols < TLS 1.0 (e.g. sslv3) as per pyopenssl removal. (#1531)
- Removed dependency on
requests_toolbelt
in favor of directly includingMultipartEncoder
into HTTPie due to its direct dependency to requests. (#1531) - Removed dependency on
multidict
in favor of an internal one due to often missing pre-built wheels. (#1522, #1531)
Existing plugins are expected to work without any changes. The only caveat would be that certain plugins explicitly require requests
.
Future contributions may be made in order to relax the constraints where applicable.
3.2.3 (2024-07-10)
- Fix SSL connections by pinning the
requests
version to2.31.0
. (#1583, #1581) - Make it possible to unset the
User-Agent
andAccept-Encoding
request headers. (#1502)
3.2.2 (2023-05-19)
- Fixed compatibility with urllib3 2.0.0. (#1499)
3.2.1 (2022-05-06)
- Improved support for determining auto-streaming when the
Content-Type
header includes encoding information. (#1383) - Fixed the display of the crash happening in the secondary process for update checks. (#1388)
3.2.0 (2022-05-05)
- Added a warning for notifying the user about the new updates. (#1336)
- Added support for single binary executables. (#1330)
- Added support for man pages (and auto generation of them from the parser declaration). (#1317)
- Added
http --manual
for man pages & regular manual with pager. (#1343) - Added support for session persistence of repeated headers with the same name. (#1335)
- Added support for sending
Secure
cookies to thelocalhost
(and.local
suffixed domains). (#1308) - Improved UI for the progress bars. (#1324)
- Fixed redundant creation of
Content-Length
header onOPTIONS
requests. (#1310) - Fixed blocking of warning thread on some use cases. (#1349)
- Changed
httpie plugins
to the newhttpie cli
namespace ashttpie cli plugins
(httpie plugins
continues to work as a hidden alias). (#1320) - Soft deprecated the
--history-print
. (#1380)
3.1.0 (2022-03-08)
- SECURITY Fixed the vulnerability that caused exposure of cookies on redirects to third party hosts. (#1312)
- Fixed escaping of integer indexes with multiple backslashes in the nested JSON builder. (#1285)
- Fixed displaying of status code without a status message on non-
auto
themes. (#1300) - Fixed redundant issuance of stdin detection warnings on some rare cases due to underlying implementation. (#1303)
- Fixed double
--quiet
so that it will now suppress all python level warnings. (#1271) - Added support for specifying certificate private key passphrases through
--cert-key-pass
and prompts. (#946) - Added
httpie cli export-args
command for exposing the parser specification for thehttp
/https
commands. (#1293) - Improved regulation of top-level arrays. (#1292)
- Improved UI layout for standalone invocations. (#1296)
3.0.2 (2022-01-24)
What’s new in HTTPie for Terminal 3.0 →
- Fixed usage of
httpie
when there is a presence of a config withdefault_options
. (#1280)
3.0.1 (2022-01-23)
What’s new in HTTPie for Terminal 3.0 →
- Changed the value shown as time elapsed from time-to-read-headers to total exchange time. (#1277)
3.0.0 (2022-01-21)
What’s new in HTTPie for Terminal 3.0 →
- Dropped support for Python 3.6. (#1177)
- Improved startup time by 40%. (#1211)
- Added support for nested JSON syntax. (#1169)
- Added
httpie plugins
interface for plugin management. (#566) - Added support for Bearer authentication via
--auth-type=bearer
(#1215). - Added support for quick conversions of pasted URLs into HTTPie calls by adding a space after the protocol name (
$ https ://pie.dev
→https://pie.dev
). (#1195) - Added support for sending multiple HTTP header lines with the same name. (#130)
- Added support for receiving multiple HTTP headers lines with the same name. (#1207)
- Added support for basic JSON types on
--form
/--multipart
when using JSON only operators (:=
/:=@
). (#1212) - Added support for automatically enabling
--stream
whenContent-Type
istext/event-stream
. (#376) - Added support for displaying the total elapsed time through
--meta
/-vv
or--print=m
. (#243) - Added new
pie-dark
/pie-light
(andpie
) styles that match with HTTPie for Web and Desktop. (#1237) - Added support for better error handling on DNS failures. (#1248)
- Added support for storing prompted passwords in the local sessions. (#1098)
- Added warnings about the
--ignore-stdin
, when there is no incoming data from stdin. (#1255) - Fixed crashing due to broken plugins. (#1204)
- Fixed auto addition of XML declaration to every formatted XML response. (#1156)
- Fixed highlighting when
Content-Type
specifiescharset
. (#1242) - Fixed an unexpected crash when
--raw
is used with--chunked
. (#1253) - Changed the default Windows theme from
fruity
toauto
. (#1266)
2.6.0 (2021-10-14)
What’s new in HTTPie for Terminal 2.6.0 →
- Added support for formatting & coloring of JSON bodies preceded by non-JSON data (e.g., an XXSI prefix). (#1130)
- Added charset auto-detection when
Content-Type
doesn’t include it. (#1110, #1168) - Added
--response-charset
to allow overriding the response encoding for terminal display purposes. (#1168) - Added
--response-mime
to allow overriding the response mime type for coloring and formatting for the terminal. (#1168) - Added the ability to silence warnings through using
-q
or--quiet
twice (e.g.-qq
) (#1175) - Added installed plugin list to
--debug
output. (#1165) - Fixed duplicate keys preservation in JSON data. (#1163)
2.5.0 (2021-09-06)
What’s new in HTTPie for Terminal 2.5.0 →
- Added
--raw
to allow specifying the raw request body without extra processing as an alternative tostdin
. (#534) - Added support for XML formatting. (#1129)
- Added internal support for file-like object responses to improve adapter plugin support. (#1094)
- Fixed
--continue --download
with a single byte to be downloaded left. (#1032) - Fixed
--verbose
HTTP 307 redirects with streamed request body. (#1088) - Fixed handling of session files with
Cookie:
followed by other headers. (#1126)
2.4.0 (2021-02-06)
- Added support for
--session
cookie expiration based onSet-Cookie: max-age=<n>
. (#1029) - Show a
--check-status
warning with--quiet
as well, not only when the output is redirected. (#1026) - Fixed upload with
--session
(#1020). - Fixed a missing blank line between request and response (#1006).
2.3.0 (2020-10-25)
- Added support for streamed uploads (#201).
- Added support for multipart upload streaming (#684).
- Added support for body-from-file upload streaming (
http pie.dev/post @file
). - Added
--chunked
to enable chunked transfer encoding (#753). - Added
--multipart
to allowmultipart/form-data
encoding for non-file--form
requests as well. - Added support for preserving field order in multipart requests (#903).
- Added
--boundary
to allow a custom boundary string formultipart/form-data
requests. - Added support for combining cookies specified on the CLI and in a session file (#932).
- Added out of the box SOCKS support with no extra installation (#904).
- Added
--quiet, -q
flag to enforce silent behaviour. - Fixed the handling of invalid
expires
dates inSet-Cookie
headers (#963). - Removed Tox testing entirely (#943).
2.2.0 (2020-06-18)
- Added support for custom content types for uploaded files (#668).
- Added support for
$XDG_CONFIG_HOME
(#920). - Added support for
Set-Cookie
-triggered cookie expiration (#853). - Added
--format-options
to allow disabling sorting, etc. (#128) - Added
--sorted
and--unsorted
shortcuts for (un)setting all sorting-related--format-options
. (#128) - Added
--ciphers
to allow configuring OpenSSL ciphers (#870). - Added
netrc
support for auth plugins. Enabled for--auth-type=basic
anddigest
, 3rd parties may opt in (#718, #719, #852, #934). - Fixed built-in plugins-related circular imports (#925).
2.1.0 (2020-04-18)
- Added
--path-as-is
to bypass dot segment (/../
or/./
) URL squashing (#895). - Changed the default
Accept
header value for JSON requests fromapplication/json, */*
toapplication/json, */*;q=0.5
to clearly indicate preference (#488). - Fixed
--form
file upload mixed with redirectedstdin
error handling (#840).
2.0.0 (2020-01-12)
- Removed Python 2.7 support (EOL Jan 2020.
- Added
--offline
to allow building an HTTP request and printing it but not actually sending it over the network. - Replaced the old collect-all-then-process handling of HTTP communication with one-by-one processing of each HTTP request or response as they become available. This means that you can see headers immediately, see what is being sent even if the request fails, etc.
- Removed automatic config file creation to avoid concurrency issues.
- Removed the default 30-second connection
--timeout
limit. - Removed Python’s default limit of 100 response headers.
- Added
--max-headers
to allow setting the max header limit. - Added
--compress
to allow request body compression. - Added
--ignore-netrc
to allow bypassing credentials from.netrc
. - Added
https
alias command withhttps://
as the default scheme. - Added
$ALL_PROXY
documentation. - Added type annotations throughout the codebase.
- Added
tests/
to the PyPi package for the convenience of downstream package maintainers. - Fixed an error when
stdin
was a closed fd. - Improved
--debug
output formatting.
1.0.3 (2019-08-26)
-
Fixed CVE-2019-10751 — the way the output filename is generated for
--download
requests without--output
resulting in a redirect has been changed to only consider the initial URL as the base for the generated filename, and not the final one. This fixes a potential security issue under the following scenario:- A
--download
request with no explicit--output
is made (e.g.,$ http -d example.org/file.txt
), instructing httpie to generate the output filename from theContent-Disposition
response header, or from the URL if the header is not provided. - The server handling the request has been modified by an attacker and
instead of the expected response the URL returns a redirect to another
URL, e.g.,
attacker.example.org/.bash_profile
, whose response does not provide aContent-Disposition
header (i.e., the base for the generated filename becomes.bash_profile
instead offile.txt
). - Your current directory doesn’t already contain
.bash_profile
(i.e., no unique suffix is added to the generated filename). - You don’t notice the potentially unexpected output filename
as reported by httpie in the console output
(e.g.,
Downloading 100.00 B to ".bash_profile"
).
Reported by Raul Onitza and Giulio Comi.
- A
1.0.2 (2018-11-14)
- Fixed tests for installation with pyOpenSSL.
1.0.1 (2018-11-14)
- Removed external URL calls from tests.
1.0.0 (2018-11-02)
- Added
--style=auto
which follows the terminal ANSI color styles. - Added support for selecting TLS 1.3 via
--ssl=tls1.3
(available once implemented in upstream libraries). - Added
true
/false
as valid values for--verify
(in addition toyes
/no
) and the boolean value is case-insensitive. - Changed the default
--style
fromsolarized
toauto
(on Windows it staysfruity
). - Fixed default headers being incorrectly case-sensitive.
- Removed Python 2.6 support.
0.9.9 (2016-12-08)
- Fixed README.
0.9.8 (2016-12-08)
- Extended auth plugin API.
- Added exit status code
7
for plugin errors. - Added support for
curses
-less Python installations. - Fixed
REQUEST_ITEM
arg incorrectly being reported as required. - Improved
CTRL-C
interrupt handling. - Added the standard exit status code
130
for keyboard interrupts.
0.9.6 (2016-08-13)
- Added Python 3 as a dependency for Homebrew installations to ensure some of the newer HTTP features work out of the box for macOS users (starting with HTTPie 0.9.4.).
- Added the ability to unset a request header with
Header:
, and send an empty value withHeader;
. - Added
--default-scheme <URL_SCHEME>
to enable things like$ alias https='http --default-scheme=https
. - Added
-I
as a shortcut for--ignore-stdin
. - Added fish shell completion (located in
extras/httpie-completion.fish
in the GitHub repo). - Updated
requests
to 2.10.0 so that SOCKS support can be added viapip install requests[socks]
. - Changed the default JSON
Accept
header fromapplication/json
toapplication/json, */*
. - Changed the pre-processing of request HTTP headers so that any leading and trailing whitespace is removed.
0.9.4 (2016-07-01)
- Added
Content-Type
of files uploaded inmultipart/form-data
requests - Added
--ssl=<PROTOCOL>
to specify the desired SSL/TLS protocol version to use for HTTPS requests. - Added JSON detection with
--json, -j
to work around incorrectContent-Type
- Added
--all
to show intermediate responses such as redirects (with--follow
) - Added
--history-print, -P WHAT
to specify formatting of intermediate responses - Added
--max-redirects=N
(default 30) - Added
-A
as short name for--auth-type
- Added
-F
as short name for--follow
- Removed the
implicit_content_type
config option (use"default_options": ["--form"]
instead) - Redirected
stdout
doesn't trigger an error anymore when--output FILE
is set - Changed the default
--style
back tosolarized
for better support of light and dark terminals - Improved
--debug
output - Fixed
--session
when used with--download
- Fixed
--download
to trim too long filenames before saving the file - Fixed the handling of
Content-Type
with multiple+subtype
parts - Removed the XML formatter as the implementation suffered from multiple issues
0.9.3 (2016-01-01)
- Changed the default color
--style
fromsolarized
tomonokai
- Added basic Bash autocomplete support (need to be installed manually)
- Added request details to connection error messages
- Fixed
'requests.packages.urllib3' has no attribute 'disable_warnings'
errors that occurred in some installations - Fixed colors and formatting on Windows
- Fixed
--auth
prompt on Windows
0.9.2 (2015-02-24)
- Fixed compatibility with Requests 2.5.1
- Changed the default JSON
Content-Type
toapplication/json
as UTF-8 is the default JSON encoding
0.9.1 (2015-02-07)
- Added support for Requests transport adapter plugins (see httpie-unixsocket and httpie-http2)
0.9.0 (2015-01-31)
- Added
--cert
and--cert-key
parameters to specify a client side certificate and private key for SSL - Improved unicode support
- Improved terminal color depth detection via
curses
- To make it easier to deal with Windows paths in request items,
\
now only escapes special characters (the ones that are used as key-value separators by HTTPie) - Switched from
unittest
topytest
- Added Python
wheel
support - Various test suite improvements
- Added
CONTRIBUTING
- Fixed
User-Agent
overwriting when used within a session - Fixed handling of empty passwords in URL credentials
- Fixed multiple file uploads with the same form field name
- Fixed
--output=/dev/null
on Linux - Miscellaneous bugfixes
0.8.0 (2014-01-25)
- Added
[email protected]
andfield:[email protected]
for embedding the contents of text and JSON files into request data - Added curl-style shorthand for localhost
- Fixed request
Host
header value output so that it doesn't contain credentials, if included in the URL
0.7.1 (2013-09-24)
- Added
--ignore-stdin
- Added support for auth plugins
- Improved
--help
output - Improved
Content-Disposition
parsing for--download
mode - Update to Requests 2.0.0
0.6.0 (2013-06-03)
- XML data is now formatted
--session
and--session-read-only
now also accept paths to session files (eg.http --session=/tmp/session.json example.org
)
0.5.1 (2013-05-13)
Content-*
andIf-*
request headers are not stored in sessions anymore as they are request-specific
0.5.0 (2013-04-27)
- Added a download mode via
--download
- Fixes miscellaneous bugs
0.4.1 (2013-02-26)
- Fixed
setup.py
0.4.0 (2013-02-22)
- Added Python 3.3 compatibility
- Added Requests >= v1.0.4 compatibility
- Added support for credentials in URL
- Added
--no-option
for every--option
to be config-friendly - Mutually exclusive arguments can be specified multiple times. The last value is used
0.3.0 (2012-09-21)
- Allow output redirection on Windows
- Added configuration file
- Added persistent session support
- Renamed
--allow-redirects
to--follow
- Improved the usability of
http --help
- Fixed installation on Windows with Python 3
- Fixed colorized output on Windows with Python 3
- CRLF HTTP header field separation in the output
- Added exit status code
2
for timed-out requests - Added the option to separate colorizing and formatting
(
--pretty=all
,--pretty=colors
and--pretty=format
)--ugly
has bee removed in favor of--pretty=none
0.2.7 (2012-08-07)
- Added compatibility with Requests 0.13.6
- Added streamed terminal output.
--stream, -S
can be used to enable streaming also with--pretty
and to ensure a more frequent output flushing - Added support for efficient large file downloads
- Sort headers by name (unless
--pretty=none
) - Response body is fetched only when needed (e.g., not with
--headers
) - Improved content type matching
- Updated Solarized color scheme
- Windows: Added
--output FILE
to store output into a file (piping results in corrupted data on Windows) - Proper handling of binary requests and responses
- Fixed printing of
multipart/form-data
requests - Renamed
--traceback
to--debug
0.2.6 (2012-07-26)
- The short option for
--headers
is now-h
(-t
has been removed, for usage use--help
) - Form data and URL parameters can have multiple fields with the same name
(e.g.,
http -f url a=1 a=2
) - Added
--check-status
to exit with an error on HTTP 3xx, 4xx and 5xx (3, 4, and 5, respectively) - If the output is piped to another program or redirected to a file,
the default behaviour is to only print the response body
(It can still be overwritten via the
--print
flag.) - Improved highlighting of HTTP headers
- Added query string parameters (
param==value
) - Added support for terminal colors under Windows
0.2.5 (2012-07-17)
- Unicode characters in prettified JSON now don't get escaped for improved readability
- --auth now prompts for a password if only a username provided
- Added support for request payloads from a file path with automatic
Content-Type
(http URL @/path
) - Fixed missing query string when displaying the request headers via
--verbose
- Fixed Content-Type for requests with no data
0.2.2 (2012-06-24)
- The
METHOD
positional argument can now be omitted (defaults toGET
, or toPOST
with data) - Fixed --verbose --form
- Added support for Tox
0.2.1 (2012-06-13)
- Added compatibility with
requests-0.12.1
- Dropped custom JSON and HTTP lexers in favor of the ones newly included
in
pygments-1.5
0.2.0 (2012-04-25)
- Added Python 3 support
- Added the ability to print the HTTP request as well as the response
(see
--print
and--verbose
) - Added support for Digest authentication
- Added file upload support
(
http -f POST file_field_name@/path/to/file
) - Improved syntax highlighting for JSON
- Added support for field name escaping
- Many bug fixes
0.1.6 (2012-03-04)
- Fixed
setup.py
0.1.5 (2012-03-04)
- Many improvements and bug fixes
0.1.4 (2012-02-28)
- Many improvements and bug fixes
0.1.0 (2012-02-25)
- Initial public release