Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
Co-authored-by: Nahid Hasan <52489202+nahidhasan94@users.noreply.github.com>
This updates Hoppscotch Desktop (Shell) dependencies to align with
`v2025.11.0` security patch and other dependency chain.
---------
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
Add per-domain toggle to disable automatic HTTP redirect following in
the Native and Agent interceptors. When disabled, requests return the
redirect response (status code, headers, body) without following the
Location header.
Previously HTTP redirects were always followed (on browser, can't do
much about that, see
https://fetch.spec.whatwg.org/#atomic-http-redirect-handling) without
option to inspect the redirect response itself. This prevented
developers from accessing redirect metadata needed when testing OAuth
flows (PKCE where intermediate responses contain authorization tokens),
authentication endpoints that return codes in Location headers with 302
status, and debugging API redirect chains. But on the desktop app,
redirects were just never followed, creating the opposite effect.
The browser's fetch API applies atomic HTTP redirect handling per spec,
making it impossible to intercept redirects and inspect their responses.
The Native and Agent interceptors use curl and native HTTP clients
respectively, both supporting redirect control, making this feature
viable for these specific interceptors. (Proxyscotch tbd).
Updates `tauri-plugin-shell` from vulnerable version to `v2.2.1` to
address `CVE-2025-31477` in `open` around scope validation.
Affects both `hoppscotch-agent` and `hoppscotch-desktop`.
Closes FE-1022
This resolves window accumulation during instance switching by
implementing proper window lifecycle management using Tauri's
WebviewWindow APIs.
Co-authored-by: jamesgeorge007 <25279263+jamesgeorge007@users.noreply.github.com>
The rebases and updates desktop's `@hoppscotch/plugin-appload`
dependency from branch-based ref to specific commit hash to resolve
Docker build failures.
Branch-based GitHub dependencies require `git` in the build environment.
Our Dockerfile stages didn't install `git`, which caused `pnpm install`
to fail with `spawn git ENOENT`. Using a commit hash allows `pnpm` to
fetch the tarball directly without requiring `git`.
This implements backend path management, backup system, cross-platform utilities, and refactors the `appload` plugin arch to support portable mode deployment.
The changes are mainly establishing foundational infra maintaining current frontend behavior until phase-3+ integration.
- This standardises package versions between desktop, agent, appload, relay
all the native components to resolve version inconsistencies and prepare
for unified bumps in the future.
- Account for recent minor dependency bumps as a follow-up to #5329
Co-authored-by: jamesgeorge007 <25279263+jamesgeorge007@users.noreply.github.com>
This fixes file uploads incorrectly showing MIME type as "Other" instead
of their actual content types by expanding the `MediaType` enum relay
to include common audio, video, and image formats.
Basically `MediaType` enum is used for both `ContentType` which would
map to `ContentType` from `hoppscotch-data` (e.g. `multipart/form-data`)
but also to `FormValue` in `interop`
```rust
pub enum FormValue {
...
File {
filename: String,
content_type: MediaType,
data: Bytes,
},
}
```
although the later should be much more pervasive.
This is a follow up on #5244
Closes FE-887
Closes#3810Closes#5223Closes#5233
The issue occurred because the `relay`'s `MediaType` couldn't deserialize
beyond the basic types (text, JSON, XML, etc.), lacked support for
other media file types. The TypeScript layer correctly detected MIME
types (e.g., "audio/x-m4a"), but the deserialization process fell back
to `MediaType::Other`. Main reason for servers performing strict MIME
validation to reject uploads.
Replaces CodeMirror with Monaco for scripting editors under the experimental scripting sandbox.
The legacy CodeMirror-based editors are preserved for backwards compatibility and will
continue to power the legacy scripting sandbox.
This introduces improved type support, IntelliSense, and JSDoc hinting via Monaco, with
the backing for pre-request and post-request scripts in tabbed views. Type definitions are
isolated per editor to avoid variable leakage.
This updates `vue-tsc` to version `2.2.0` and removes caret prefix from
TypeScript to resolve build compatibility issues that were preventing
builds in `agent`'s CI/CD pipeline.
The build process was failing with "Search string not found" errors when
vue-tsc attempted to patch TypeScript's internal structure.
Initially thought to be related to FE-925, FE-924.
Closes FE-926
The previous config used `TypeScript` at `^5.8.3` with `vue-tsc` at
`^2.1.6`. The `vue-tsc` package contains hardcoded regex patterns for
patching TypeScript's internals, and these patterns in version 2.1.6
don't match the structure in TypeScript 5.8.3.
The unstable flag was causing arrow keys to
display ANSI escape sequences as literal text
instead of performing cursor navigation.
For example the arrow keys in URL input fields
display escape sequences (`^[[C, ^[[D, ^[[A, ^[[B`)
as literal text.
Closes HFE-880
Closes#5102
The unstable feature flag was originally added to
support experimental features that were required
for functionality that is no longer needed
in the current implementation.
See:
- [Tauri Issue #9257] - Keyboard shortcuts broken with unstable flag
- [Tauri Issue #10194] - Arrow keys printing invalid characters
- [Wry Issue #1177] - Related macOS input handling issues
- CLI Collection runner enhancements:
- Support mixed versions - child collections based on different versions compared to the parent collection.
- Better support for incoming data via IDs conforming to older formats.
- Bump `verzod` across packages.
- Relevant updates to test suite.
- Bump `zod` under `selfhost-desktop`.
