Httpie Versions Save

• Added support for streamed uploads (#201).
• Added support for multipart upload streaming (#684).
• Added support for body-from-file upload streaming (http httpbin.org/post @file).
• Added --chunked to enable chunked transfer encoding (#753).
• Added --multipart to allow multipart/form-data encoding for non-file --form requests as well.
• Added support for preserving field order in multipart requests (#903).
• Added --boundary to allow a custom boundary string for multipart/form-data requests.
• Added support for combining cookies specified on the CLI and in a session file (#932).
• Added out of the box SOCKS support with no extra installation (#904).
• Added --quiet, -q flag to enforce silent behaviour.
• Fixed the handling of invalid expires dates in Set-Cookie headers (#963).
• Removed Tox testing entirely (#943).

HTTPie /aitch-tee-tee-pie/ CLI is a user-friendly command-line HTTP client for the API era. It comes with JSON support, syntax highlighting, persistent sessions, wget-like downloads, plugins, and more.

Learn more: https://httpie.org Install HTTPie: https://httpie.org/docs#installation

• Added support for custom content types for uploaded files (#927, #668).
• Added support for $XDG_CONFIG_HOME (#920).
• Added support for Set-Cookie-triggered cookie expiration (#853).
• Added --format-options to allow disabling sorting, changing JSON indent size, etc. (#128)
• Added --sorted and --unsorted shortcuts for (un)setting all sorting-related --format-options. (#128)
• Added --ciphers to allow configuring OpenSSL ciphers (#870).
• Added netrc support for auth plugins. Enabled for --auth-type=basic and digest, 3rd parties may opt in (#718, #719, #852, #934).
• Fixed built-in plugins-related circular imports (#925).

• Added --path-as-is to bypass dot segment (/../ or /./) URL squashing (#895).
• Changed the default Accept header value for JSON requests from application/json, */* to application/json, */*;q=0.5 to clearly indicate preference (#488).
• Fixed --form file upload mixed with redirected stdin error handling (#840).

• Removed Python 2.7 support (Python 3.6+ is now required).
• Added --offline to allow building an HTTP request and printing it but not actually sending it over the network.
• Replaced the old collect-all-then-process handling of HTTP communication with one-by-one processing of each HTTP request or response as they become available. This means that you can see headers immediately, see what is being sent even if the request fails, etc.
• Removed automatic config file creation to avoid concurrency issues.
• Removed the default 30-second connection --timeout limit.
• Removed Python’s default limit of 100 response headers.
• Added --max-headers to allow setting the max header limit.
• Added --compress to allow request body compression.
• Added --ignore-netrc to allow bypassing credentials from .netrc.
• Added https alias command with https:// as the default scheme.
• Added $ALL_PROXY documentation.
• Added type annotations throughout the codebase.
• Added tests/ to the PyPi package for the convenience of downstream package maintainers.
• Fixed an error when stdin was a closed fd.
• Improved --debug output formatting.

Fixed CVE-2019-10751 — the way the output filename is generated for --download requests without --output resulting in a redirect has been changed to only consider the initial URL as the base for the generated filename, and not the final one. This fixes a potential security issue under the following scenario:

1. A --download request with no explicit --output is made (e.g., $ http -d example.org/file.txt), instructing HTTPie to generate the output filename from the Content-Disposition response header, or from the URL if the header is not provided.
2. The server handling the request has been modified by an attacker and instead of the expected response the URL returns a redirect to another URL, e.g., attacker.example.org/.bash_profile, whose response does not provide a Content-Disposition header (i.e., the base for the generated filename becomes .bash_profile instead of file.txt).
3. Your current directory doesn’t already contain .bash_profile (i.e., no unique suffix is added to the generated filename).
4. You don’t notice the potentially unexpected output filename as reported by HTTPie in the console output (e.g., Downloading 100.00 B to ".bash_profile").

• Fixed tests for installation with pyOpenSSL.

• Removed external URL calls from tests.

• Added --style=auto which follows the terminal ANSI color styles.
• Added support for selecting TLS 1.3 via --ssl=tls1.3 (available once implemented in upstream libraries).
• Added true/false as valid values for --verify (in addition to yes/no) and the boolean value is case-insensitive.
• Changed the default --style from solarized to auto (on Windows it stays fruity).
• Fixed default headers being incorrectly case-sensitive.
• Removed Python 2.6 support.

• Only README changes.

• Extended auth plugin API.
• Added exit status code 7 for plugin errors.
• Added support for curses-less Python installations.
• Fixed REQUEST_ITEM arg incorrectly being reported as required.
• Improved CTRL-C interrupt handling.
• Added the standard exit status code 130 for keyboard interrupts.