This fixes desktop app auth failures where users encounter
"Session expired" errors when creating environments or
saving requests despite being logged in.
The issue occurred because token verify/validation works on web
(cookie-based auth) but fails on desktop (bearer token auth). The
desktop implementation had flaky response parsing in
`verifyAuthTokens()`.
Includes some future-proofing work around cookie parsing
in `setAuthCookies()`, for Set-Cookie headers that contain commas
or are concatenated with newlines (see #5394).
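The Set-Cookie edge case named above, as an added example that is not Hoppscotch's `setAuthCookies()` code: a splitter that treats a comma as a cookie boundary only when a `name=` token follows, so the comma inside an `Expires` date does not truncate a token cookie. The function names and the sample header are constructed for illustration.

```javascript
// Added example, not Hoppscotch code; all names are hypothetical.
// Constructed sample: three cookies joined by ", " and "\n", one with an Expires date.
const SAMPLE =
  "access_token=abc; Path=/; Expires=Wed, 21 Oct 2026 07:28:00 GMT; HttpOnly, " +
  "refresh_token=def; Path=/; Secure\n" +
  "connect.sid=s%3Axyz; SameSite=Lax";

// Split a combined Set-Cookie string into one string per cookie.
function splitSetCookie(combined) {
  const cookies = [];
  for (const line of combined.split(/\r?\n/)) {
    let start = 0;
    for (let i = 0; i < line.length; i++) {
      if (line[i] !== ",") continue;
      // A comma is a cookie boundary only when a `name=` token follows it.
      // The comma in "Expires=Wed, 21 Oct ..." is followed by a date, so it is skipped.
      if (/^\s*[^\s=;,]+=/.test(line.slice(i + 1))) {
        cookies.push(line.slice(start, i));
        start = i + 1;
      }
    }
    cookies.push(line.slice(start));
  }
  return cookies.map((c) => c.trim()).filter((c) => c.length > 0);
}

// Parse one cookie string into name, value and lower-cased attributes.
function parseCookie(cookie) {
  const [pair, ...attrs] = cookie.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // no name: reject rather than guess
  const parsed = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attributes: {} };
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    parsed.attributes[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return parsed;
}

function parseSetCookie(combined) {
  return splitSetCookie(combined).map(parseCookie).filter((c) => c !== null);
}

console.log(parseSetCookie(SAMPLE).map((c) => c.name));
```

Where the runtime exposes `Headers.getSetCookie()`, it returns the Set-Cookie values already separated and no splitting heuristic is needed.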
The runtime schema uses `.catch()` fallbacks for all fields (`key`, `value`, `active`, `description`), making them effectively optional at runtime. Updated type definitions to use `Partial<>` to match actual runtime behavior and prevent type errors in usage.
This allows valid usage patterns like:
```
hopp.request.setHeaders([{ key: "X-Custom", value: "foo" }])
```
Without requiring all fields (`active`, `description`) to be explicitly provided.
- Update active state styles for better visibility in the mock server.
- BE updates catered to improving content type handling in the mock server.
- Introduced a `disableMockServerInPersonalWorkspace` platform-level feature flag.
- Remove inactive keyboard shorthand nudges from the Mock server dashboard context menu.
---
Co-authored-by: mirarifhasan <arif.ishan05@gmail.com>
Co-authored-by: jamesgeorge007 <25279263+jamesgeorge007@users.noreply.github.com>
* fix(mock-server): handle null collection case in dashboard display
* feat(mock-server): add private access hint for non-public mock servers
* fix(mock-server): update private access hint for clarity
* refactor(mock-server): remove console logs from mock server creation and update
- Fix null/undefined environment variable handling across namespaces
- Fix pm.request console.log output to display properly
- Add pm.request.id and pm.request.name type definitions
- Fix assertion error messages to show actual values
- Strip `export {};` from collection exports and legacy sandbox editor display
Node.js `v24` became LTS recently, causing CI failures due to `V8` API
incompatibilities with isolated-vm `v5.x`. Pinning to `v22` aligns with our
production environment (Alpine `v3.22.1` ships Node.js `v22.16.0`) and ensures
build stability.
`isolated-vm v6+` will be required for Node.js `v24` support and will be
addressed in a future dependency update cycle.
Added support for overriding the default session cookie name using the `INFRA.SESSION_COOKIE_NAME` config or the `SESSION_COOKIE_NAME` environment variable. This helps compatibility with proxies or load balancers that cannot handle cookie names containing dots.
---
Co-authored-by: mirarifhasan <arif.ishan05@gmail.com>
Co-authored-by: jamesgeorge007 <25279263+jamesgeorge007@users.noreply.github.com>
This replaces the matrix-based Agent build strategy with dedicated
platform-specific jobs, synchronizing with the Desktop workflow
patterns and preparing for the broader CI/CD update cycle.
Add per-domain toggle to disable automatic HTTP redirect following in
the Native and Agent interceptors. When disabled, requests return the
redirect response (status code, headers, body) without following the
Location header.
Previously HTTP redirects were always followed (on browser, can't do
much about that, see
https://fetch.spec.whatwg.org/#atomic-http-redirect-handling) without
an option to inspect the redirect response itself. This prevented
developers from accessing redirect metadata needed when testing OAuth
flows (PKCE where intermediate responses contain authorization tokens),
authentication endpoints that return codes in Location headers with 302
status, and debugging API redirect chains. But on the desktop app,
redirects were just never followed, creating the opposite effect.
The browser's fetch API applies atomic HTTP redirect handling per spec,
making it impossible to intercept redirects and inspect their responses.
The Native and Agent interceptors use curl and native HTTP clients
respectively, both supporting redirect control, making this feature
viable for these specific interceptors. (Proxyscotch tbd).