🥧 HTTPie CLI — modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more.
http httpbin.org/post @file
).--chunked
to enable chunked transfer encoding (#753).--multipart
to allow multipart/form-data
encoding for non-file --form
requests as well.--boundary
to allow a custom boundary string for multipart/form-data
requests.--quiet, -q
flag to enforce silent behaviour.expires
dates in Set-Cookie
headers (#963).HTTPie /aitch-tee-tee-pie/ CLI is a user-friendly command-line HTTP client for the API era. It comes with JSON support, syntax highlighting, persistent sessions, wget-like downloads, plugins, and more.
Learn more: https://httpie.org Install HTTPie: https://httpie.org/docs#installation
$XDG_CONFIG_HOME
(#920).Set-Cookie
-triggered cookie expiration (#853).--format-options
to allow disabling sorting, changing JSON indent size, etc. (#128)--sorted
and --unsorted
shortcuts for (un)setting all sorting-related --format-options
. (#128)--ciphers
to allow configuring OpenSSL ciphers (#870).netrc
support for auth plugins. Enabled for --auth-type=basic
and digest, 3rd parties may opt in (#718, #719, #852, #934).--path-as-is
to bypass dot segment (/../
or /./
) URL squashing (#895).Accept
header value for JSON requests from application/json, */*
to application/json, */*;q=0.5
to clearly indicate preference (#488).--form
file upload mixed with redirected stdin
error handling (#840).--offline
to allow building an HTTP request and printing it but not actually sending it over the network.--timeout
limit.--max-headers
to allow setting the max header limit.--compres
s to allow request body compression.--ignore-netrc
to allow bypassing credentials from .netrc
.https
alias command with https://
as the default scheme.$ALL_PROXY
documentation.tests/
to the PyPi package for the convenience of downstream package maintainers.stdin
was a closed fd.--debug
output formatting.Fixed CVE-2019-10751 — the way the output filename is generated for --download
requests without --output
resulting in a redirect has been changed to only consider the initial URL as the base for the generated filename, and not the final one. This fixes a potential security issue under the following scenario:
--download
request with no explicit --output
is made (e.g., $ http -d example.org/file.txt
), instructing HTTPie to generate the output filename from the Content-Disposition
response header, or from the URL if the header is not provided.attacker.example.org/.bash_profile
, whose response does not provide a Content-Disposition
header (i.e., the base for the generated filename becomes .bash_profile
instead of file.txt
)..bash_profile
(i.e., no unique suffix is added to the generated filename).Downloading 100.00 B to ".bash_profile"
).--style=auto
which follows the terminal ANSI color styles.--ssl=tls1.3
(available once implemented in upstream libraries).true
/false
as valid values for --verify
(in addition to yes
/no
) and the boolean value is case-insensitive.--style
from solarized
to auto
(on Windows it stays fruity
).7
for plugin errors.curses
-less Python installations.REQUEST_ITEM
arg incorrectly being reported as required.CTRL-C
interrupt handling.130
for keyboard interrupts.