[
{
"path": ".devcontainer/devcontainer.json",
"content": "{\n \"image\": \"mcr.microsoft.com/devcontainers/java:21-bookworm\",\n \"features\": {\n \"ghcr.io/devcontainers/features/java:1\": {\n \"version\": \"17\"\n }\n },\n \"customizations\": {\n \"vscode\": {\n \"settings\": {\n \"java.server.launchMode\": \"Standard\"\n },\n \"extensions\": [\n \"vscjava.vscode-java-pack\",\n \"vscjava.vscode-gradle\"\n ]\n }\n }\n}\n"
},
{
"path": ".editorconfig",
"content": "root = true\n\n[*]\nindent_size = 2\nij_continuation_indent_size = 2\ncharset = utf-8\ntrim_trailing_whitespace = true\ninsert_final_newline = true\n\n[*.{kt, kts}]\nij_kotlin_imports_layout = *\n"
},
{
"path": ".gitattributes",
"content": "* text=auto eol=lf\n\n*.bat text eol=crlf\n*.jar binary"
},
{
"path": ".github/CONTRIBUTING.md",
"content": "Contributing\n============\n\nIf you would like to contribute code to OkHttp you can do so through GitHub by\nforking the repository and sending a pull request.\n\nWhen submitting code, please make every effort to follow existing conventions\nand style in order to keep the code as readable as possible. Please also make\nsure your code compiles by running `./gradlew check`. Checkstyle failures\nduring compilation indicate errors in your style and can be viewed in the\n`checkstyle-result.xml` file.\n\nSome general advice\n\n- Don’t change public API lightly, avoid if possible, and include your reasoning in the PR if essential. It causes pain for developers who use OkHttp and sometimes runtime errors.\n- Favour a working external library if appropriate. There are many examples of OkHttp libraries that can sit on top or hook in via existing APIs.\n- Get working code on a personal branch with tests before you submit a PR.\n- OkHttp is a small and light dependency. Don't introduce new dependencies or major new functionality.\n- OkHttp targets the intersection of RFC correct *and* widely implemented. Incorrect implementations that are very widely implemented e.g. a bug in Apache, Nginx, Google, Firefox should also be handled.\n\nBefore your code can be accepted into the project you must also sign the\n[Individual Contributor License Agreement (CLA)][1].\n\n\n [1]: https://spreadsheets.google.com/spreadsheet/viewform?formkey=dDViT2xzUHAwRkI3X3k5Z0lQM091OGc6MQ&ndplr=1\n"
},
{
"path": ".github/ISSUE_TEMPLATE/bug_report.md",
"content": "---\nname: Bug report\nabout: A reproducible problem\ntitle: ''\nlabels: bug\nassignees: ''\n\n---\n\nGood bug reports include a failing test! Writing a test helps you to isolate and describe the problem, and it helps us to fix it fast. Bug reports without a failing test or reproduction steps are likely to be closed.\n\nHere’s an example test to get you started.\nhttps://gist.github.com/swankjesse/981fcae102f513eb13ed\n"
},
{
"path": ".github/ISSUE_TEMPLATE/feature_request.md",
"content": "---\nname: Feature request\nabout: Suggest an idea\ntitle: ''\nlabels: enhancement\nassignees: ''\n\n---\n\nStart by telling us what problem you’re trying to solve. Often a solution already exists!\n\nDon’t send pull requests to implement new features without first getting our support. Sometimes we leave features out on purpose to keep the project small.\n"
},
{
"path": ".github/ISSUE_TEMPLATE/question.md",
"content": "---\nname: Question\nabout: Use Stack Overflow instead\ntitle: \"\\U0001F649\"\nlabels: ''\nassignees: ''\n\n---\n\n🛑 𝙎𝙏𝙊𝙋\n\nThis issue tracker is not the place for questions!\n\nIf you want to ask how to do something, or to understand why something isn't working the way you expect it to, use Stack Overflow. https://stackoverflow.com/questions/tagged/okhttp\n\nWe close all questions without reading them.\n"
},
{
"path": ".github/renovate.json",
"content": "{\n \"$schema\": \"https://docs.renovatebot.com/renovate-schema.json\",\n \"extends\": [\n \"config:recommended\",\n \"group:monorepos\",\n \"group:recommended\",\n \":dependencyDashboard\"\n ],\n \"semanticCommits\": \"disabled\",\n \"labels\": [\n \"renovate\"\n ],\n \"ignoreDeps\": [\n \"com.squareup.okhttp3:okhttp\",\n \"com.squareup.okhttp3:okhttp-tls\",\n \"com.squareup.okhttp3:mockwebserver\"\n ],\n \"packageRules\": [\n {\n \"groupName\": \"bnd\",\n \"matchPackageNames\": [\n \"/biz.*/\"\n ]\n },\n {\n \"groupName\": \"graalvm\",\n \"matchPackageNames\": [\n \"/org.graalvm.*/\"\n ]\n },\n {\n \"matchPackageNames\": [\n \"org.objenesis:objenesis\"\n ],\n \"allowedVersions\": \"<=2.6\"\n },\n {\n \"extends\": [\n \"monorepo:jetty\"\n ],\n \"allowedVersions\": \"<10.0\",\n \"description\": \"JDK 11 requirement\"\n },\n {\n \"extends\": [\n \"monorepo:junit5\"\n ],\n \"allowedVersions\": \"<5.14.0\",\n },\n {\n \"matchPackageNames\": [\n \"org.junit-pioneer:junit-pioneer\"\n ],\n \"allowedVersions\": \"<2.0.0\",\n \"description\": \"JDK 11 requirement\"\n },\n {\n \"matchPackageNames\": [\n \"androidx.activity:activity-ktx\"\n ],\n \"allowedVersions\": \"<=1.11.0\",\n \"description\": \"Android minSdk 23 requirement\"\n }\n ]\n}\n"
},
{
"path": ".github/workflows/build.yml",
"content": "name: build\n\non:\n push:\n branches:\n - master\n pull_request:\n types: [opened, labeled, unlabeled, synchronize]\n\npermissions:\n contents: read\n\nenv:\n GRADLE_OPTS: \"-Xmx4g -Dorg.gradle.daemon=false -Dkotlin.incremental=false\"\n\nconcurrency:\n group: ${{ github.workflow }}-${{ github.ref }}\n cancel-in-progress: true\n\njobs:\n publish:\n runs-on: ubuntu-latest\n if: github.repository == 'square/okhttp' && github.ref == 'refs/heads/master'\n\n steps:\n - name: Checkout\n uses: actions/checkout@v6\n\n - name: Configure JDK\n uses: actions/setup-java@v5\n with:\n distribution: 'temurin'\n java-version: 21\n\n - name: Setup Gradle\n uses: gradle/actions/setup-gradle@v5\n\n - name: Upload Artifacts\n run: ./gradlew clean publish --stacktrace\n env:\n ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.SONATYPE_CENTRAL_USERNAME }}\n ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.SONATYPE_CENTRAL_PASSWORD }}\n ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.GPG_SECRET_KEY }}\n ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.GPG_SECRET_PASSPHRASE }}\n\n validation:\n name: \"Validation\"\n runs-on: ubuntu-latest\n steps:\n - uses: actions/checkout@v6\n - uses: gradle/actions/wrapper-validation@v5\n - name: Validate Renovate\n uses: rinchsan/renovate-config-validator@v0.2.0\n with:\n pattern: '.github/renovate.json'\n\n checks:\n permissions:\n checks: write # for mikepenz/action-junit-report\n runs-on: ubuntu-latest\n\n steps:\n - name: Checkout\n uses: actions/checkout@v6\n\n - name: Configure JDK\n uses: actions/setup-java@v5\n with:\n distribution: 'temurin'\n java-version: |\n 11\n 21\n\n - uses: graalvm/setup-graalvm@v1\n with:\n distribution: 'graalvm'\n java-version: 21\n github-token: ${{ secrets.GITHUB_TOKEN }}\n native-image-job-reports: true\n\n - name: Setup Gradle\n uses: gradle/actions/setup-gradle@v5\n\n - name: Run Checks\n run: ./gradlew check -PgraalBuild=true -x jvmTest -x test -x allTests -x java9Test\n\n jvm:\n permissions:\n checks: write # for mikepenz/action-junit-report\n runs-on: ubuntu-latest\n strategy:\n fail-fast: false\n matrix:\n java-version:\n - 8\n - 11\n - 17\n - 21\n\n steps:\n - name: Checkout\n uses: actions/checkout@v6\n\n - name: Configure JDK\n uses: actions/setup-java@v5\n with:\n distribution: 'temurin'\n java-version: |\n ${{ matrix.java-version }}\n 21\n\n - name: Setup Gradle\n uses: gradle/actions/setup-gradle@v5\n\n - name: Run Tests\n run: ./gradlew test allTests -Ptest.java.version=${{ matrix.java-version }}\n\n - name: Publish Test Report\n if: github.repository == 'square/okhttp' && github.ref == 'refs/heads/master' && matrix.java-version == '11'\n uses: mikepenz/action-junit-report@v6\n with:\n report_paths: '**/build/test-results/*/TEST-*.xml'\n check_name: OpenJDK 11 Test Report\n\n - name: Publish Test Results\n uses: EnricoMi/publish-unit-test-result-action@v2\n if: github.repository == 'square/okhttp' && github.ref == 'refs/heads/master' && matrix.java-version == '11'\n with:\n files: |\n **/build/test-results/*/TEST-*.xml\n\n openjdk8alpn:\n runs-on: ubuntu-latest\n if: github.ref == 'refs/heads/master' || contains(github.event.pull_request.labels.*.name, 'jdkversions')\n\n steps:\n - name: Checkout\n uses: actions/checkout@v6\n\n - name: Install Old JDK 8\n uses: actions/setup-java@v5\n with:\n distribution: 'zulu'\n java-version: 8.0.242\n\n - name: Configure JDK\n uses: actions/setup-java@v5\n with:\n distribution: 'temurin'\n java-version: 21\n\n - name: Setup Gradle\n uses: gradle/actions/setup-gradle@v5\n\n - name: Run Tests\n run: ./gradlew test allTests -Ptest.java.version=8 -Pokhttp.platform=jdk8alpn -Palpn.boot.version=8.1.13.v20181017 -Dorg.gradle.java.installations.paths=/opt/hostedtoolcache/Java_Adopt_jdk/8.0.242-8.1/x64\n\n providers:\n runs-on: ubuntu-latest\n if: github.ref == 'refs/heads/master' || contains(github.event.pull_request.labels.*.name, 'providers')\n strategy:\n matrix:\n include:\n - provider: openjsse\n java-version: 8\n - provider: bouncycastle\n java-version: 21\n - provider: corretto\n java-version: 21\n - provider: conscrypt\n java-version: 21\n\n steps:\n - name: Checkout\n uses: actions/checkout@v6\n\n - name: Configure JDK\n uses: actions/setup-java@v5\n with:\n distribution: 'temurin'\n java-version: |\n ${{ matrix.java-version }}\n 21\n\n - name: Setup Gradle\n uses: gradle/actions/setup-gradle@v5\n\n - name: Run Tests\n run: ./gradlew test allTests -Pokhttp.platform=${{ matrix.provider }} -Ptest.java.version=${{ matrix.java-version }}\n\n openjdklatest:\n runs-on: ubuntu-latest\n\n steps:\n - name: Checkout\n uses: actions/checkout@v6\n\n - name: Configure JDKs\n uses: actions/setup-java@v5\n with:\n distribution: 'temurin'\n java-version: |\n 11\n 17\n 24\n\n - name: Allow incompatible JVM versions\n run: |\n echo 'kotlin.jvm.target.validation.mode=ignore' >> ./gradle.properties\n\n - name: Setup Gradle\n uses: gradle/actions/setup-gradle@v5\n\n - name: Run Tests\n run: ./gradlew test allTests -Ptest.java.version=24\n\n openjdkearlyaccess:\n runs-on: ubuntu-latest\n if: false # https://youtrack.jetbrains.com/issue/KTOR-8489\n\n steps:\n - name: Checkout\n uses: actions/checkout@v6\n\n - name: Configure JDK\n uses: actions/setup-java@v5\n with:\n distribution: 'temurin'\n java-version: |\n 11\n 17\n 25-ea\n\n - name: Allow incompatible JVM versions\n run: |\n echo 'kotlin.jvm.target.validation.mode=ignore' >> ./gradle.properties\n\n - name: Setup Gradle\n uses: gradle/actions/setup-gradle@v5\n\n - name: Run Tests\n run: ./gradlew test allTests -Ptest.java.version=25\n\n testwindows:\n runs-on: windows-latest\n\n steps:\n - name: Checkout\n uses: actions/checkout@v6\n\n - name: Configure JDK\n uses: actions/setup-java@v5\n with:\n distribution: 'temurin'\n java-version: 21\n\n - name: Setup Gradle\n uses: gradle/actions/setup-gradle@v5\n\n - name: Run Tests\n run: ./gradlew test allTests\n\n graal:\n runs-on: ubuntu-latest\n\n steps:\n - name: Checkout\n uses: actions/checkout@v6\n\n - name: Configure JDK\n uses: actions/setup-java@v5\n with:\n distribution: 'temurin'\n java-version: 21\n\n - uses: graalvm/setup-graalvm@v1\n with:\n distribution: 'graalvm'\n java-version: 24\n github-token: ${{ secrets.GITHUB_TOKEN }}\n native-image-job-reports: true\n\n - name: Setup Gradle\n uses: gradle/actions/setup-gradle@v5\n\n - name: Build okcurl\n run: ./gradlew okcurl:nativeBuild\n\n - name: Setup Gradle\n uses: gradle/actions/setup-gradle@v5\n\n - name: Run native-image tests\n run: ./gradlew -PgraalBuild=true native-image-tests:nativeTest\n\n android:\n runs-on: ubuntu-latest\n timeout-minutes: 30\n\n strategy:\n fail-fast: false\n matrix:\n api-level:\n - 21\n - 23\n - 29\n - 34\n\n steps:\n - name: Checkout\n uses: actions/checkout@v6\n\n - name: Configure JDK\n uses: actions/setup-java@v5\n with:\n distribution: 'temurin'\n java-version: 21\n\n - name: Enable KVM group perms\n # https://github.blog/changelog/2023-02-23-hardware-accelerated-android-virtualization-on-actions-windows-and-linux-larger-hosted-runners/\n run: |\n echo 'KERNEL==\"kvm\", GROUP=\"kvm\", MODE=\"0666\", OPTIONS+=\"static_node=kvm\"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules\n sudo udevadm control --reload-rules\n sudo udevadm trigger --name-match=kvm\n\n - name: Verify KVM\n run: |\n sudo apt-get install -y cpu-checker\n kvm-ok || echo \"KVM is not accelerated\"\n kvm-ok || exit 1\n\n - name: Setup Gradle\n uses: gradle/actions/setup-gradle@v5\n\n - name: Gradle cache\n run: ./gradlew :android-test:test\n\n - name: AVD System Image Cache\n uses: actions/cache@v5\n id: avd-cache\n with:\n key: avd-${{ runner.os }}-${{ matrix.api-level }}-${{ matrix.api-level >= 30 && 'x86_64' || 'x86' }}\n path: |\n ~/.android/avd/*\n ~/.android/adb*\n # Added the actual system image path\n ${{ env.ANDROID_HOME }}/system-images/android-${{ matrix.api-level }}\n\n - name: Create AVD and generate snapshot for caching\n if: steps.avd-cache.outputs.cache-hit != 'true'\n uses: reactivecircus/android-emulator-runner@v2\n with:\n api-level: ${{ matrix.api-level }}\n force-avd-creation: false\n arch: ${{ matrix.api-level >= 30 && 'x86_64' || 'x86' }}\n # No window, no audio, and use swiftshader for headless environments\n emulator-options: >\n -no-window\n -gpu swiftshader_indirect\n -noaudio\n -no-boot-anim\n -camera-back none\n -memory 2048\n disable-animations: true\n script: echo \"Generated AVD snapshot for caching.\"\n\n - name: Run Tests\n uses: reactivecircus/android-emulator-runner@v2\n with:\n api-level: ${{ matrix.api-level }}\n arch: ${{ matrix.api-level == '34' && 'x86_64' || 'x86' }}\n script: ./gradlew -PandroidBuild=true connectedCheck\n env:\n API_LEVEL: ${{ matrix.api-level }}\n\n - name: Build Release App\n run: ./gradlew android-test-app:lint android-test-app:assembleRelease\n\n loom:\n runs-on: ubuntu-latest\n\n steps:\n - name: Checkout\n uses: actions/checkout@v6\n\n - name: Configure JDK\n uses: actions/setup-java@v5\n with:\n distribution: 'temurin'\n java-version: |\n 21\n 24\n\n - name: Setup Gradle\n uses: gradle/actions/setup-gradle@v5\n\n - name: Run Tests\n run: ./gradlew test allTests -Pokhttp.platform=loom -Ptest.java.version=24 -PcontainerTests=true\n\n maven:\n runs-on: ubuntu-latest\n\n steps:\n - name: Checkout\n uses: actions/checkout@v6\n\n - name: Configure JDK\n uses: actions/setup-java@v5\n with:\n distribution: 'temurin'\n java-version: 21\n\n - name: Setup Gradle\n uses: gradle/actions/setup-gradle@v5\n\n - name: Publish local snapshot\n run: ./gradlew publishToMavenLocal\n\n - name: Run maven test\n working-directory: ./maven-tests\n run: ./mvnw -q verify\n\n java9_modules:\n runs-on: ubuntu-latest\n\n steps:\n - name: Checkout\n uses: actions/checkout@v6\n\n - name: Configure JDK\n uses: actions/setup-java@v5\n with:\n distribution: 'temurin'\n java-version: 24\n\n - name: Setup Gradle\n uses: gradle/actions/setup-gradle@v5\n\n - name: Test module-tests\n run: ./gradlew module-tests:test -PokhttpModuleTests=true\n\n - name: Run with Jlink\n run: ./gradlew module-tests:imageRun -PokhttpModuleTests=true\n\n"
},
{
"path": ".github/workflows/containers.yml",
"content": "name: containers\n\non:\n push:\n branches:\n - master\n pull_request:\n types: [opened, labeled, unlabeled, synchronize]\n\npermissions:\n contents: read\n\nenv:\n GRADLE_OPTS: \"-Dorg.gradle.jvmargs=-Xmx4g -Dorg.gradle.daemon=false -Dkotlin.incremental=false\"\n\njobs:\n test_containers:\n permissions:\n checks: write # for actions/upload-artifact\n runs-on: ubuntu-latest\n if: github.ref == 'refs/heads/master' || contains(github.event.pull_request.labels.*.name, 'containers')\n\n steps:\n - name: Checkout\n uses: actions/checkout@v6\n\n - name: Configure JDK\n uses: actions/setup-java@v5\n with:\n distribution: 'temurin'\n java-version: 21\n\n - name: Setup Gradle\n uses: gradle/actions/setup-gradle@v5\n\n - name: Run Container Tests\n run: ./gradlew container-tests:test -PcontainerTests=true\n"
},
{
"path": ".github/workflows/docs.yml",
"content": "name: docs\n\non:\n push:\n branches:\n - master\n pull_request:\n types: [opened, labeled, unlabeled, synchronize]\n\npermissions:\n contents: read\n\nenv:\n GRADLE_OPTS: \"-Dorg.gradle.jvmargs=-Xmx4g -Dorg.gradle.daemon=false -Dkotlin.incremental=false\"\n\njobs:\n test_docs:\n permissions:\n checks: write # for actions/upload-artifact\n runs-on: ubuntu-latest\n if: github.ref == 'refs/heads/master' || contains(github.event.pull_request.labels.*.name, 'documentation')\n\n steps:\n - name: Checkout\n uses: actions/checkout@v6\n\n - name: Configure JDK\n uses: actions/setup-java@v5\n with:\n distribution: 'temurin'\n java-version: 21\n\n - uses: actions/setup-python@v6\n with:\n python-version: 3.x\n\n - run: pip install mkdocs-material mkdocs-redirects\n\n - name: Generate Docs\n run: ./test_docs.sh\n\n - uses: actions/upload-artifact@v7\n with:\n name: docs\n path: site/\n"
},
{
"path": ".github/workflows/publish.yml",
"content": "name: publish\n\non:\n push:\n tags:\n - '**'\n\nenv:\n GRADLE_OPTS: \"-Dorg.gradle.jvmargs=-Xmx4g -Dorg.gradle.daemon=false -Dkotlin.incremental=false\"\n\njobs:\n publish:\n runs-on: macos-15\n\n steps:\n - uses: actions/checkout@v6\n - uses: actions/setup-java@v5\n with:\n distribution: 'temurin'\n java-version-file: .github/workflows/.java-version\n\n - run: ./gradlew publish\n env:\n ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.SONATYPE_CENTRAL_USERNAME }}\n ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.SONATYPE_CENTRAL_PASSWORD }}\n ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.GPG_SECRET_KEY }}\n ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.GPG_SECRET_PASSPHRASE }}\n"
},
{
"path": ".gitignore",
"content": ".classpath\n.kotlin\n.project\n.settings\n.gradle\neclipsebin\n\nbin\ngen\nbuild\nout\nlib\ngenerated\n\ntarget\npom.xml.*\nrelease.properties\nlocal.properties\n\n.idea\n*.iml\n*.ipr\n*.iws\n*.log\nclasses\n\nobj\n\n.DS_Store\n\n# Special Mkdocs files\ndocs/5.x\ndocs/changelog.md\ndocs/contributing.md\ndocs/index.md\n\n# jenv\n/.java-version\n/site/\n/docs/changelogs/changelog.md\n"
},
{
"path": ".gitmodules",
"content": "[submodule \"okhttp-hpacktests/src/test/resources/hpack-test-case\"]\n\tpath = okhttp-hpacktests/src/test/resources/hpack-test-case\n\turl = https://github.com/http2jp/hpack-test-case.git\n"
},
{
"path": ".junit.run/Not Slow.run.xml",
"content": "\n \n \n \n \n \n \n \n \n \n \n \n \n \n"
},
{
"path": ".vscode/settings.json",
"content": "{\n \"java.configuration.updateBuildConfiguration\": \"interactive\",\n \"java.import.gradle.wrapper.enabled\": true\n}"
},
{
"path": "BUG-BOUNTY.md",
"content": "Serious about security\n======================\n\nSquare recognizes the important contributions the security research community\ncan make. We therefore encourage reporting security issues with the code\ncontained in this repository.\n\nIf you believe you have discovered a security vulnerability, please follow the\nguidelines at https://bugcrowd.com/engagements/blockopensource.\n"
},
{
"path": "CHANGELOG.md",
"content": "Change Log\n==========\n\n## Version 5.3.2\n\n_2025-11-18_\n\n * Fix: Don't delay triggering timeouts. In Okio 3.16.0 we introduced a regression that caused\n timeouts to fire later than they were supposed to.\n\n * Upgrade: [Okio 3.16.4][okio_3_16_4].\n\n\n## Version 5.3.1\n\n_2025-11-16_\n\nThis release is the same as 5.3.0. Okio 3.16.3 didn't have a necessary fix!\n\n* Upgrade: [Okio 3.16.3][okio_3_16_3].\n\n\n## Version 5.3.0\n\n_2025-10-30_\n\n * New: Add tags to `Call`, including computable tags. Use this to attach application-specific\n metadata to a `Call` in an `EventListener` or `Interceptor`. The tag can be read in any other\n `EventListener` or `Interceptor`.\n\n ```kotlin\n override fun intercept(chain: Interceptor.Chain): Response {\n chain.call().tag(MyAnalyticsTag::class) {\n MyAnalyticsTag(...)\n }\n\n return chain.proceed(chain.request())\n }\n ```\n\n * New: Support request bodies on HTTP/1.1 connection upgrades.\n * New: `EventListener.plus()` makes it easier to observe events in multiple listeners.\n * Fix: Don't spam logs with _‘Method isLoggable in android.util.Log not mocked.’_ when using\n OkHttp in Robolectric and Paparazzi tests.\n * Upgrade: [Kotlin 2.2.21][kotlin_2_2_21].\n * Upgrade: [Okio 3.16.2][okio_3_16_2].\n * Upgrade: [ZSTD-KMP 0.4.0][zstd_kmp_0_4_0]. This update fixes a bug that caused APKs to fail\n [16 KB ELF alignment checks][elf_alignment].\n\n\n## Version 5.2.3\n\n_2025-11-18_\n\n * Fix: Don't delay triggering timeouts. In Okio 3.16.0 we introduced a regression that caused\n timeouts to fire later than they were supposed to.\n\n * Upgrade: [Okio 3.16.4][okio_3_16_4].\n\n\n## Version 5.2.2\n\n_2025-11-16_\n\nThis release is the same as 5.2.1. Okio 3.16.3 didn't have a necessary fix!\n\n * Upgrade: [Okio 3.16.3][okio_3_16_3].\n\n\n## Version 5.2.1\n\n_2025-10-09_\n\n * Fix: Don't crash when calling `Socket.shutdownOutput()` or `shutdownInput()` on an `SSLSocket`\n on Android API 21 through 23. This method throws an `UnsupportedOperationException`, so we now\n catch that and close the underlying stream instead.\n\n * Upgrade: [Okio 3.16.1][okio_3_16_1].\n\n\n## Version 5.2.0\n\n_2025-10-07_\n\n * New: Support [HTTP 101] responses with `Response.socket`. This mechanism is only supported on\n HTTP/1.1. We also reimplemented our websocket client to use this new mechanism.\n\n * New: The `okhttp-zstd` module negotiates [Zstandard (zstd)][zstd] compression with servers that\n support it. It integrates a new (unstable) [ZSTD-KMP] library, also from Square. Enable it like\n this:\n\n ```kotlin\n val client = OkHttpClient.Builder()\n .addInterceptor(CompressionInterceptor(Zstd, Gzip))\n .build()\n ```\n\n * New: Support the `QUERY` HTTP method. You will need to set the `Request.cacheUrlOverride`\n property to cache calls made with this method. The `RequestBody.sha256()` may be helpful here;\n use it to compose a cache URL from the query body.\n\n * New: Publish events when calls must wait to execute. `EventListener.dispatcherQueueStart()`\n is invoked when a call starts waiting, and `dispatcherQueueEnd()` is invoked when it's done.\n\n * New: `Request.toCurl()` returns a copy-pasteable [curl] command consistent with Chrome’s and\n Firefox’s ‘copy as cURL’ features.\n\n * New: Support [JPMS]. We replaced our `Automatic-Module-Name` metadata with proper\n `module-info.java` files.\n\n * Fix: Recover gracefully when worker threads are interrupted. When we introduced fast fallback in\n OkHttp 5.0, we started using background threads while connecting. Sadly that code didn't handle\n interruptions well. This is now fixed.\n\n * Upgrade: [Kotlin 2.2.20][kotlin_2_2_20].\n * Upgrade: [Okio 3.16.0][okio_3_16_0].\n\n\n## Version 5.1.0\n\n_2025-07-07_\n\n * New: `Response.peekTrailers()`. When we changed `Response.trailers()` to block instead of\n throwing in 5.0.0, we inadvertently removed the ability for callers to peek the trailers\n (by catching the `IllegalStateException` if they weren't available). This new API restores that\n capability.\n\n * Fix: Don't crash on `trailers()` if the response doesn't have a body. We broke [Retrofit] users\n who read the trailers on the `raw()` OkHttp response, after its body was decoded.\n\n\n## Version 5.0.0\n\n_2025-07-02_\n\nThis is our first stable release of OkHttp since 2023. Here's the highlights if you're upgrading\nfrom OkHttp 4.x:\n\n**OkHttp is now packaged as separate JVM and Android artifacts.** This allows us to offer\nplatform-specific features and optimizations. If your build system handles [Gradle module metadata],\nthis change should be automatic.\n\n**MockWebServer has a new coordinate and package name.** We didn’t like that our old artifact\ndepends on JUnit 4 so the new one doesn’t. It also has a better API built on immutable values. (We\nintend to continue publishing the old `okhttp3.mockwebserver` artifact so there’s no urgency to\nmigrate.)\n\n| Coordinate | Package Name | Description |\n|:-------------------------------------------------| :-------------------- | :-------------------------------- |\n| com.squareup.okhttp3:mockwebserver3:5.0.0 | mockwebserver3 | Core module. No JUnit dependency! |\n| com.squareup.okhttp3:mockwebserver3-junit4:5.0.0 | mockwebserver3.junit4 | Optional JUnit 4 integration. |\n| com.squareup.okhttp3:mockwebserver3-junit5:5.0.0 | mockwebserver3.junit5 | Optional JUnit 5 integration. |\n| com.squareup.okhttp3:mockwebserver:5.0.0 | okhttp3.mockwebserver | Obsolete. Depends on JUnit 4. |\n\n**OkHttp now supports Happy Eyeballs ([RFC 8305][rfc_8305]) for IPv4+IPv6 networks.** It attempts\nboth IPv6 and IPv4 connections concurrently, keeping whichever connects first.\n\n**We’ve improved our Kotlin APIs.** You can skip the builder:\n\n```kotlin\nval request = Request(\n url = \"https://cash.app/\".toHttpUrl(),\n)\n```\n\n**OkHttp now supports [GraalVM].**\n\nHere’s what has changed since 5.0.0-alpha.17:\n\n * Upgrade: [Okio 3.15.0][okio_3_15_0].\n * Upgrade: [Kotlin 2.2.0][kotlin_2_2_0].\n * Fix: Don't crash with a `NoSuchMethodError` when using OkHttp with the Sentry SDK.\n * Fix: Retain the query data in the old `okhttp3.mockwebserver.RecordedRequest.path` property. We\n inadvertently changed this behavior when we introduced the `mockwebserver3` API.\n\n\n## Version 5.0.0-alpha.17\n\n_2025-06-29_\n\nThis release stabilizes many APIs for the imminent OkHttp 5.0.0 release.\n\n * New: `TrailersSource`, a public API for HTTP trailers. Production callers shouldn't need this\n as the API to read response trailers is unchanged. Testers may use this new stable API to\n supply trailers for a `Response`.\n\n * New: `Path.asRequestBody()` is now a non-experimental API.\n\n * New: `FileDescriptor.toRequestBody()` is now a non-experimental API.\n\n * New: Stop using experimental coroutines APIs in our `okhttp-coroutines` artifact.\n\n * Breaking: Move `gzip` from `RequestBody` to `Request.Builder`. This new API handles both\n compressing the request body and also adding the corresponding `Content-Encoding` header. Note\n that this function is sensitive to when it is called: the response body must be supplied before\n it can be compressed.\n\n * Breaking: Remove `AddressPolicy`, `AsyncDns`, and `ConnectionListener` from the public API. We\n intend to ship a public API for these features, but we don't want to hold OkHttp 5.0.0 until\n those APIs are stable.\n\n * Fix: Change `MockWebServer.close()` to cancel ongoing calls that are blocked on a delay.\n\n * Upgrade: [Okio 3.13.0][okio_3_13_0].\n\nThis release also stabilizes many APIs in the `mockwebserver3` artifact that's new in 5.0.\n\n * Breaking: `RecordedRequest.body` is now nullable. Null is used when the request does not have a\n body.\n\n * Breaking: `RecordedRequest.chunkSizes` is now nullable. Null is used when the request does not\n use chunked encoding. This is different from an empty list - that indicates the request is\n chunked but has no data.\n\n * Breaking: Replace `SocketPolicy` with a new type, `SocketEffect`. It splits triggers (request\n start, response body, etc.) from effects (closing the socket, closing the stream, etc.).\n\n * Breaking: Rename `RecordedRequest.sequenceNumber` to `exchangeIndex` and introduce\n `connectionIndex` on that type. These properties may be useful when testing features like\n connection reuse.\n\n * Breaking: Replace our parameters-based JUnit 5 extension with a new annotation, `@StartStop`.\n Put this annotation on a `MockWebServer` property and the extension will start it before your\n test executes and stop it after it completes. No further configuration is required.\n\n ```kotlin\n @StartStop val server = MockWebServer()\n ```\n\n * Breaking: Don't automatically start `MockWebServer` after calls to accessors like `port`. Now\n these accessors will throw an `IllegalStateException` if the service has not yet been started.\n\n * Breaking: Rename `RecordedRequest.path` to `RecordedRequest.target`. (This property is\n _sometimes_ a path, but it can also be a path and query, or a full URL.)\n\n * Breaking: Decompose the `RecordedRequest.requestLine` into three properties, `method`, `target`,\n and `version`. This better suits HTTP/2 where the request line had to be synthesized from\n component headers.\n\n * Breaking: Change `RecordedRequest.body` from a mutable `Buffer` to an immutable `ByteString`.\n\n * Breaking: Adopt Okio's new `Socket` interface for `MockResponse.socketHandler`.\n\nNote that any _Breaking_ changes above impact only APIs introduced in earlier 5.0.0-alpha releasees.\nWe don't break binary compatibility with non-alpha APIs.\n\n\n## Version 5.0.0-alpha.16\n\n_2025-05-29_\n\n * Fix: The previous release would crash when running on Robolectric. We didn't anticipate\n running our Android artifact on the JVM platform!\n\n\n## Version 5.0.0-alpha.15\n\n_2025-05-28_\n\n**This release introduces separate JVM and Android artifacts.** Until now, we've distributed OkHttp\nas a JVM library that _detects_ Android capabilities at runtime, but that doesn't offer\nAndroid-specific APIs. With this release we're starting to publish OkHttp as an AAR for Android\nusers in addition to our existing JAR for JVM users.\n\nThis first Android-specific artifact adopts Android's `assets` mechanism to embed the public suffix\ndata. We will build more Android integration in future releases.\n\nThe okhttp-android artifact first introduced in `5.0.0-alpha.7` is no longer available:\n\n * The `AndroidAsyncDns` class moved to the `okhttp` artifact.\n * The `AndroidLogging` class is no longer necessary. `LoggingEventListener` and\n `HttpLoggingInterceptor` write to logcat by default.\n\nThe rest of this release is our highest-quality release yet. Though we continue to use the word\n_alpha_ in the version name, the only unstable thing in it is some non-final APIs tagged\n`@ExperimentalOkHttpApi`. You can safely use this release in production.\n\n * Fix: Attempt to read the response even if sending the request failed. This makes it possible\n to handle response statuses like `HTTP/1.1 431 \"Request Header Fields Too Large`.\n\n * Fix: Handle multiple 1xx responses.\n\n * Fix: Address a performance bug in our internal task runner. We had a race condition that could\n result in it OkHttp starting a thread for each queued task, even when a single thread could run\n all of them.\n\n * Fix: Address a performance bug in `MultipartReader`. We were scanning the entire input stream\n for a delimiter when we only needed to scan enough to return a result.\n\n * Fix: Don't double-compress the public suffix database. OkHttp is usually distributed in a\n compressed file (like a JAR or APK), so compressing its internal data was redundant.\n\n * Fix: Call `ProxySelector.connectFailed()` when a connection's initial TCP handshake fails.\n\n * Fix: Change the signature of `Dispatcher` to accept a nullable `ExecutorService`. Changing this\n parameter to be non-null was an unintended signature change in OkHttp 4.0.\n\n * New: `EventListener.retryDecision()` is called each time a request fails with an `IOException`.\n It notifies your listener if OkHttp will retry.\n\n * New: `EventListener.followUpDecision()` is called each time a response is received. It notifies\n your listener if OkHttp has decided to make a follow-up request. Some common follow-ups are\n authentication challenges and redirects.\n\n * New: Handy constants for `Headers.EMPTY`, `RequestBody.EMPTY`, and `ResponseBody.EMPTY`.\n\n * New: OkHttp now calls `StrictMode.noteSlowCall()` when initializing TLS on Android. Use\n `StrictMode` to detect if your `OkHttpClient` is being initialized on the main thread.\n\n * Upgrade: [Okio 3.12.0][okio_3_12_0].\n\n * Upgrade: [Kotlin 2.1.21][kotlin_2_1_21].\n\n * Upgrade: [kotlinx.coroutines 1.10.2][coroutines_1_10_2]. This is used by the optional\n `okhttp-coroutines` artifact.\n\n * Upgrade: [AndroidX Startup 1.2.0][startup_1_2_0]. The Android variant of the `okhttp` artifact\n now depends on this. This is a new dependency.\n\n * Upgrade: [AndroidX Annotation 1.9.1][annotation_1_9_1]. As above, the Android variant of the\n `okhttp` artifact now depends on this. This is also a new dependency.\n\n\n## Version 5.0.0-alpha.14\n\n_2024-04-17_\n\n * Breaking: Move coroutines extensions to okhttp3.coroutines. Previously this artifact shared the\n `okhttp3` package name with our core module, which is incompatible with the Java Platform Module\n System.\n\n * Fix in okhttp-coroutines: Publish a valid artifact. The coroutines JAR file in 5.0.0-alpha.13\n was corrupt and should not be used.\n\n\n## Version 5.0.0-alpha.13\n\n_2024-04-16_\n\n * Breaking: Tag unstable new APIs as `@ExperimentalOkHttpApi`. We intend to release OkHttp 5.0\n without stabilizing these new APIs first.\n\n Do not use these experimental APIs in modules that may be executed using a version of OkHttp\n different from the version that the module was compiled with. Do not use them in published\n libraries. Do not use them if you aren't willing to track changes to them.\n\n * Breaking: Drop support for Kotlin Multiplatform.\n\n We planned to support multiplatform in OkHttp 5.0, but after building it, we weren't happy with\n the implementation trade-offs. We can't use our HTTP client engine on Kotlin/JS, and we weren't\n prepared to build a TLS API for Kotlin/Native.\n\n We'd prefer a multiplatform HTTP client API that's backed by OkHttp on Android and JVM, and\n other engines on other platforms. [Ktor] does this pretty well today!\n\n * Breaking: Use `kotlin.time.Duration` in APIs like `OkHttpClient.Builder.callTimeout()`. This\n update also drops support for the `DurationUnit` functions introduced in earlier alpha releases\n of OkHttp 5.\n\n * Breaking: Reorder the parameters in the Cache constructor that was introduced in 5.0.0-alpha.3.\n\n * New: `Request.Builder.cacheUrlOverride()` customizes the cache key used for a request. This can\n be used to make canonical URLs for the cache that omit insignificant query parameters or other\n irrelevant data.\n\n This feature may be used with `POST` requests to cache their responses. In such cases the\n request body is not used to determine the cache key, so you must manually add cache-relevant\n data to the override URL. For example, you could add a `request-body-sha256` query parameter so\n requests with the same POST data get the same cache entry.\n\n * New: `HttpLoggingInterceptor.redactQueryParams()` configures the query parameters to redact\n in logs. For best security, don't put sensitive information in query parameters.\n\n * New: `ConnectionPool.setPolicy()` configures a minimum connection pool size for a target\n address. Use this to proactively open HTTP connections.\n\n Connections opened to fulfill this policy are subject to the connection pool's\n `keepAliveDuration` but do not count against the pool-wide `maxIdleConnections` limit.\n\n This feature increases the client's traffic and the load on the server. Talking to your server's\n operators before adopting it.\n\n * New in okhttp-android: `HttpLoggingInterceptor.androidLogging()` and\n `LoggingEventListener.androidLogging()` write HTTP calls or events to Logcat.\n\n * New: `OkHttpClient.webSocketCloseTimeout` configures how long a web socket connection will wait\n for a graceful shutdown before it performs an abrupt shutdown.\n\n * Fix: Honor `RequestBody.isOneShot()` in `MultipartBody`\n\n * Fix in `okhttp-coroutines`: Don't leak response bodies in `executeAsync()`. We had a bug where\n we didn't call `Response.close()` if the coroutine was canceled before its response was\n returned.\n\n * Upgrade: [Okio 3.9.0][okio_3_9_0].\n\n * Upgrade: [Kotlin 1.9.23][kotlin_1_9_23].\n\n * Upgrade: [Unicode® IDNA 15.1.0][idna_15_1_0]\n\n\n## Version 5.0.0-alpha.12\n\n_2023-12-17_\n\nWe took too long to cut this release and there's a lot of changes in it. We've been busy.\n\nAlthough this release is labeled _alpha_, the only unstable thing in it is our new APIs. This\nrelease has many critical bug fixes and is safe to run in production. We're eager to stabilize our\nnew APIs so we can get out of alpha.\n\n * New: Support Java 21's virtual threads (‘OpenJDK Project Loom’). We changed OkHttp's internals\n to use `Lock` and `Condition` instead of `synchronized` for best resource utilization.\n\n * New: Switch our Internationalized Domain Name (IDN) implementation to [UTS #46 Nontransitional\n Processing][uts46]. With this fix, the `ß` code point no longer maps to `ss`. OkHttp now embeds\n its own IDN mapping table in the library.\n\n * New: Prefer the client's configured precedence order for TLS cipher suites. (OkHttp used to\n prefer the JDK’s precedence order.) This change may cause your HTTP calls to negotiate a\n different cipher suite than before! OkHttp's defaults cipher suites are selected for good\n security and performance.\n\n * New: `ConnectionListener` publishes events for connects, disconnects, and use of pooled\n connections.\n\n * Fix: Immediately update the connection's flow control window instead of waiting for the\n receiving stream to process it.\n\n This change may increase OkHttp's memory use for applications that make many concurrent HTTP\n calls and that can receive data faster than they can process it. Previously, OkHttp limited\n HTTP/2 to 16 MiB of unacknowledged data per connection. With this fix there is a limit of 16 MiB\n of unacknowledged data per stream and no per-connection limit.\n\n * Fix: Don't close a `Deflater` while we're still using it to compress a web socket message. We\n had a severe bug where web sockets were closed on the wrong thread, which caused\n `NullPointerException` crashes in `Deflater`.\n\n * Fix: Don't crash after a web socket fails its connection upgrade. We incorrectly released\n the web socket's connections back to the pool before their resources were cleaned up.\n\n * Fix: Don't infinite loop when a received web socket message has self-terminating compressed\n data.\n\n * Fix: Don't fail the call when the response code is ‘HTTP 102 Processing’ or ‘HTTP 103 Early\n Hints’.\n\n * Fix: Honor interceptors' changes to connect and read timeouts.\n\n * Fix: Recover gracefully when a cached response is corrupted on disk.\n\n * Fix: Don't leak file handles when a cache disk write fails.\n\n * Fix: Don't hang when the public suffix database cannot be loaded. We had a bug where a failure\n reading the public suffix database would cause subsequent reads to hang when they should have\n crashed.\n\n * Fix: Avoid `InetAddress.getCanonicalHostName()` in MockWebServer. This avoids problems if the\n host machine's IP address has additional DNS registrations.\n\n * New: Create a JPMS-compatible artifact for `JavaNetCookieJar`. Previously, multiple OkHttp\n artifacts defined classes in the `okhttp3` package, but this is forbidden by the Java module\n system. We've fixed this with a new package (`okhttp3.java.net.cookiejar`) and a new artifact,\n `com.squareup.okhttp3:okhttp-java-net-cookiehandler`. (The original artifact now delegates to\n this new one.)\n\n ```kotlin\n implementation(\"com.squareup.okhttp3:okhttp-java-net-cookiehandler:5.0.0-alpha.12\")\n ```\n\n * New: `Cookie.sameSite` determines whether cookies should be sent on cross-site requests. This\n is used by servers to defend against Cross-Site Request Forgery (CSRF) attacks.\n\n * New: Log the total time of the HTTP call in `HttpLoggingInterceptor`.\n\n * New: `OkHttpClient.Builder` now has APIs that use `kotlin.time.Duration`.\n\n * New: `mockwebserver3.SocketPolicy` is now a sealed interface. This is one of several\n backwards-incompatible API changes that may impact early adopters of this alpha API.\n\n * New: `mockwebserver3.Stream` for duplex streams.\n\n * New: `mockwebserver3.MockResponseBody` for streamed response bodies.\n\n * New: `mockwebserver3.MockResponse` is now immutable, with a `Builder`.\n\n * New: `mockwebserver3.RecordedRequest.handshakeServerNames` returns the SNI (Server Name\n Indication) attribute from the TLS handshake.\n\n * Upgrade: [Kotlin 1.9.21][kotlin_1_9_21].\n\n * Upgrade: [Okio 3.7.0][okio_3_7_0].\n\n\n## Version 5.0.0-alpha.11\n\n_2022-12-24_\n\n * New: Enable fast fallback by default. It's our implementation of Happy Eyeballs,\n [RFC 8305][rfc_8305]. Disable with `OkHttpClient.Builder.fastFallback(false)`.\n * Fix: Don't log response bodies for server-sent events.\n * Fix: Skip early hints (status code 103) responses.\n * Fix: Don't log sensitive headers in `Request.toString()`.\n * Fix: Don't crash when the dispatcher's `ExecutorService` is shutdown with many\n calls still enqueued.\n * Upgrade: [GraalVM 22][graalvm_22].\n * Upgrade: [Kotlin 1.7.10][kotlin_1_7_10].\n\n\n## Version 5.0.0-alpha.10\n\n_2022-06-26_\n\n * Fix: Configure the multiplatform artifact (`com.squareup.okhttp3:okhttp:3.x.x`) to depend on the\n JVM artifact (`com.squareup.okhttp3:okhttp-jvm:3.x.x`) for Maven builds. This should work-around\n an issue where Maven doesn't interpret Gradle metadata.\n * Fix: Make another attempt at supporting Kotlin 1.5.31 at runtime. We were crashing on\n `DurationUnit` which was a typealias in 1.5.x.\n * Upgrade: [Okio 3.2.0][okio_3_2_0].\n\n\n## Version 5.0.0-alpha.9\n\n_2022-06-16_\n\n * New: Enforce label length limits in URLs. `HttpUrl` now rejects URLs whose domains aren't valid.\n This includes overly-long domain names (longer than 253 characters), overly-long labels (more\n than 63 characters between dots), and empty labels.\n * New: Don't include the `Content-Length` header in multipart bodies. Servers must delimit\n OkHttp's request bodies using the boundary only. (This change makes OkHttp more consistent with\n browsers and other HTTP clients.)\n * New: Drop the `tunnelProxy` argument in `MockWebServer.useHttps()`. This change only impacts\n the OkHttp 5.x API which uses the `mockwebserver3` package.\n * Fix: Don't call `toDuration()` which isn't available in kotlin-stdlib 1.4.\n\n\n## Version 5.0.0-alpha.8\n\n_2022-06-08_\n\n * Fix: Change how `H2_PRIOR_KNOWLEDGE` works with HTTP proxies. Previously OkHttp assumed the\n proxy itself was a prior knowledge HTTP/2 server. With this update, OkHttp attempts a `CONNECT`\n tunnel just as it would with HTTPS. For prior knowledge with proxies OkHttp's is now consistent\n with these curl arguments:\n\n ```\n curl \\\n --http2-prior-knowledge \\\n --proxy localhost:8888 \\\n --proxytunnel \\\n http://squareup.com/robots.txt\n ```\n\n * Fix: Support executing OkHttp on kotlin-stdlib versions as old as 1.4. The library still builds\n on up-to-date Kotlin releases (1.6.21) but no longer needs that version as a runtime dependency.\n This should make it easier to use OkHttp in Gradle plugins.\n\n * Fix: Don't start the clock on response timeouts until the request body is fully transmitted.\n This is only relevant for duplex request bodies, because they are written concurrently when\n reading the response body.\n\n * New: `MockResponse.inTunnel()` is a new `mockwebserver3` API to configure responses that are\n served while creating a proxy tunnel. This obsoletes both the `tunnelProxy` argument on\n `MockWebServer` and the `UPGRADE_TO_SSL_AT_END` socket option. (Only APIs on `mockwebserver3`\n are changed; the old `okhttp3.mockwebserver` APIs remain as they always have been.\n\n\n## Version 5.0.0-alpha.7\n\n_2022-04-26_\n\n**This release introduces new Kotlin-friendly APIs.** When we migrated OkHttp from Java to Kotlin in\nOkHttp 4.0, we kept our Java-first APIs. With 5.0 we're continuing to support Java and adding\nadditional improvements for Kotlin users. In this alpha we're excited to skip-the-builder for\nrequests and remove a common source of non-null assertions (`!!`) on the response body.\n\nThe alpha releases in the 5.0.0 series have production-quality code and an unstable API. We expect\nto make changes to the APIs introduced in 5.0.0-alpha.X. These releases are safe for production use\nand 'alpha' strictly signals that we're still experimenting with some new APIs. If you're eager for\nthe fixes or features below, please upgrade.\n\n * New: Named and default parameters constructor for `Request`:\n\n ```\n val request = Request(\n url = \"https://cash.app/\".toHttpUrl(),\n )\n ```\n\n * New: `Response.body` is now non-null. This was generally the case in OkHttp 4.x, but the Kotlin\n type declaration was nullable to support rare cases like the body on `Response.cacheResponse`,\n `Response.networkResponse`, and `Response.priorResponse`. In such cases the body is now\n non-null, but attempts to read its content will fail.\n * New: Kotlin-specific APIs for request tags. Kotlin language users can lookup tags with a type\n parameter only, like `request.tag()`.\n * New: MockWebServer has improved support for HTTP/1xx responses. Once you've migrated to the new\n `mockwebserver3` package, there's a new field, `MockResponse.informationalResponses`.\n * Fix: Don't interpret trailers as headers after an HTTP/100 response. This was a bug only when\n the HTTP response body itself is empty.\n * Fix: Don't crash when a fast fallback call has both a deferred connection and a held connection.\n * Fix: `OkHttpClient` no longer implements `Cloneable`. It never should have; the class is\n immutable. This is left over from OkHttp 2.x (!) when that class was mutable. We're using the\n 5.x upgrade as an opportunity to remove very obsolete APIs.\n * Fix: Recover gracefully when Android's `NativeCrypto` crashes with `\"ssl == null\"`. This occurs\n when OkHttp retrieves ALPN state on a closed connection.\n * Upgrade: [Kotlin 1.6.21][kotlin_1_6_21].\n * Upgrade: [Okio 3.1.0][okio_3_1_0].\n\n\n## Version 5.0.0-alpha.6\n\n_2022-03-14_\n\n * Fix: Don't attempt to close pooled connections. We saw occasional fast fallback calls crash in\n the previous alpha due to an unexpected race.\n\n\n## Version 5.0.0-alpha.5\n\n_2022-02-21_\n\n * Fix: Don't include [Assertk][assertk] in OkHttp's production dependencies. This regression was\n introduced in the 5.0.0-alpha.4 release.\n * Fix: Don't ask `Dns` implementations to resolve strings that are already IP addresses.\n * Fix: Change fast fallback to race TCP handshakes only. To avoid wasted work, OkHttp will not\n attempt multiple TLS handshakes for the same call concurrently.\n * Fix: Don't crash loading the public suffix database in GraalVM native images. The function\n `HttpUrl.topPrivateDomain()` uses a resource file to identify private domains, but we didn't\n include this file on GraalVM.\n\n\n## Version 5.0.0-alpha.4\n\n_2022-02-01_\n\n**This release introduces fast fallback to better support mixed IPv4+IPv6 networks.** Fast fallback\nis what we're calling our implementation of Happy Eyeballs, [RFC 8305][rfc_8305]. With this\nfeature OkHttp will attempt both IPv6 and IPv4 connections concurrently, keeping whichever connects\nfirst. Fast fallback gives IPv6 connections a 250 ms head start so IPv6 is preferred on networks\nwhere it's available.\n\nTo opt-in, configure your `OkHttpClient.Builder`:\n\n\n```\nOkHttpClient client = new OkHttpClient.Builder()\n .fastFallback(true)\n .build();\n```\n\n * New: Change the build from Kotlin-JVM to Kotlin-multiplatform (which includes JVM). Both\n native and JavaScript platforms are unstable preview releases and subject to\n backwards-incompatible changes in forthcoming releases.\n * Fix: Don't crash loading the public suffix database resource in obfuscated builds.\n * Fix: Don't silently ignore calls to `EventSource.cancel()` made from\n `EventSourceListener.onOpen()`.\n * Fix: Enforce the max intermediates constraint when using pinned certificates with Conscrypt.\n This impacts Conscrypt when the server's presented certificates form both a trusted-but-unpinned\n chain and an untrusted-but-pinned chain.\n * Upgrade: [Kotlin 1.6.10][kotlin_1_6_10].\n\n\n## Version 5.0.0-alpha.3\n\n_2021-11-22_\n\n * Fix: Change `Headers.toString()` to redact authorization and cookie headers.\n * Fix: Don't do DNS to get the hostname for `RecordedRequest.requestUrl`. This was doing a DNS\n lookup for the local hostname, but we really just wanted the `Host` header.\n * Fix: Don't crash with a `InaccessibleObjectException` when detecting the platform trust manager\n on Java 17+.\n * Fix: Don't crash if a cookie's value is a lone double quote character.\n * Fix: Don't crash when canceling an event source created by `EventSources.processResponse()`.\n * New: `Cache` now has a public constructor that takes an [okio.FileSystem]. This should make it\n possible to implement decorators for cache encryption or compression.\n * New: `Cookie.newBuilder()` to build upon an existing cookie.\n * New: Use TLSv1.3 when running on JDK 8u261 or newer.\n * New: `QueueDispatcher.clear()` may be used to reset a MockWebServer instance.\n * New: `FileDescriptor.toRequestBody()` may be particularly useful for users of Android's Storage\n Access Framework.\n * Upgrade: [Kotlin 1.5.31][kotlin_1_5_31].\n * Upgrade: [Okio 3.0.0][okio_3_0_0].\n\n\n## Version 5.0.0-alpha.2\n\n_2021-01-30_\n\n**In this release MockWebServer has a new Maven coordinate and package name.** A longstanding\nproblem with MockWebServer has been its API dependency on JUnit 4. We've reorganized things to\nremove that dependency while preserving backwards compatibility.\n\n| Maven Coordinate | Package Name | Description |\n| :------------------------------------------------------- | :-------------------- | :-------------------------------- |\n| com.squareup.okhttp3:mockwebserver3:5.0.0-alpha.2 | mockwebserver3 | Core module. No JUnit dependency! |\n| com.squareup.okhttp3:mockwebserver3-junit4:5.0.0-alpha.2 | mockwebserver3.junit4 | Optional JUnit 4 integration. |\n| com.squareup.okhttp3:mockwebserver3-junit5:5.0.0-alpha.2 | mockwebserver3.junit5 | Optional JUnit 5 integration. |\n| com.squareup.okhttp3:mockwebserver:5.0.0-alpha.2 | okhttp3.mockwebserver | Obsolete. Depends on JUnit 4. |\n\nThe new APIs use `mockwebserver3` in both the Maven coordinate and package name. This new API is\n**not stable** and will likely change before the final 5.0.0 release.\n\nIf you have code that subclasses `okhttp3.mockwebserver.QueueDispatcher`, this update is not source\nor binary compatible. Migrating to the new `mockwebserver3` package will fix this problem.\n\n * New: DNS over HTTPS is now a stable feature of OkHttp. We introduced this as an experimental\n module in 2018. We are confident in its stable API and solid implementation.\n * Fix: Work around a crash in Android 10 and 11 that may be triggered when two threads\n concurrently close an SSL socket. This would have appeared in crash logs as\n `NullPointerException: bio == null`.\n * Fix: Use plus `+` instead of `%20` to encode space characters in `FormBody`. This was a\n longstanding bug in OkHttp. The fix makes OkHttp consistent with major web browsers.\n * Fix: Don't crash if Conscrypt returns a null version.\n * Fix: Include the public suffix data as a resource in GraalVM native images.\n * Fix: Fail fast when the cache is corrupted.\n * Fix: Fail fast when a private key cannot be encoded.\n * Fix: Fail fast when attempting to verify a non-ASCII hostname.\n * Upgrade: [GraalVM 21][graalvm_21].\n * Upgrade: [Kotlin 1.4.20][kotlin_1_4_20].\n\n\n## Version 5.0.0-alpha.1\n\n_2021-01-30_\n\n**This release adds initial support for [GraalVM][graalvm].**\n\nGraalVM is an exciting new platform and we're eager to adopt it. The startup time improvements over\nthe JVM are particularly impressive. Try it with okcurl:\n\n```\n$ ./gradlew okcurl:nativeImage\n$ ./okcurl/build/graal/okcurl https://cash.app/robots.txt\n```\n\nThis is our first release that supports GraalVM. Our code on this platform is less mature than JVM\nand Android! Please report any issues you encounter: we'll fix them urgently.\n\n * Fix: Attempt to read the response body even if the server canceled the request. This will cause\n some calls to return nice error codes like `HTTP/1.1 429 Too Many Requests` instead of transport\n errors like `SocketException: Connection reset` and `StreamResetException: stream was reset:\n CANCEL`.\n * New: Support OSGi metadata.\n * Upgrade: [Okio 2.9.0][okio_2_9_0].\n\n ```kotlin\n implementation(\"com.squareup.okio:okio:2.9.0\")\n ```\n\nNote that this was originally released on 2020-10-06 as 4.10.0-RC1. The only change from that\nrelease is the version name.\n\n## Version 4.x\n\nSee [4.x Change log](https://square.github.io/okhttp/changelogs/changelog_4x/) for the legacy version changelogs.\n\n[GraalVM]: https://www.graalvm.org/\n[Gradle module metadata]: https://docs.gradle.org/current/userguide/publishing_gradle_module_metadata.html\n[HTTP 101]: https://httpwg.org/specs/rfc9110.html#status.101\n[JPMS]: https://openjdk.org/projects/jigsaw/spec/\n[Ktor]: https://ktor.io/\n[Retrofit]: https://square.github.io/retrofit/\n[ZSTD-KMP]: https://github.com/square/zstd-kmp\n[androidx_startup]: https://developer.android.com/jetpack/androidx/releases/startup\n[annotation_1_9_1]: https://developer.android.com/jetpack/androidx/releases/annotation#annotation-1.9.1\n[assertk]: https://github.com/willowtreeapps/assertk\n[coroutines_1_10_2]: https://github.com/Kotlin/kotlinx.coroutines/releases/tag/1.10.2\n[curl]: https://curl.se/\n[elf_alignment]: https://developer.android.com/guide/practices/page-sizes\n[graalvm]: https://www.graalvm.org/\n[graalvm_21]: https://www.graalvm.org/release-notes/21_0/\n[graalvm_22]: https://www.graalvm.org/release-notes/22_2/\n[idna_15_1_0]: https://www.unicode.org/reports/tr46/#Modifications\n[kotlin_1_4_20]: https://github.com/JetBrains/kotlin/releases/tag/v1.4.20\n[kotlin_1_5_31]: https://github.com/JetBrains/kotlin/releases/tag/v1.5.31\n[kotlin_1_6_10]: https://github.com/JetBrains/kotlin/releases/tag/v1.6.10\n[kotlin_1_6_21]: https://github.com/JetBrains/kotlin/releases/tag/v1.6.21\n[kotlin_1_7_10]: https://github.com/JetBrains/kotlin/releases/tag/v1.7.10\n[kotlin_1_9_21]: https://github.com/JetBrains/kotlin/releases/tag/v1.9.21\n[kotlin_1_9_23]: https://github.com/JetBrains/kotlin/releases/tag/v1.9.23\n[kotlin_2_1_21]: https://github.com/JetBrains/kotlin/releases/tag/v2.1.21\n[kotlin_2_2_0]: https://github.com/JetBrains/kotlin/releases/tag/v2.2.0\n[kotlin_2_2_20]: https://github.com/JetBrains/kotlin/releases/tag/v2.2.20\n[kotlin_2_2_21]: https://github.com/JetBrains/kotlin/releases/tag/v2.2.21\n[loom]: https://docs.oracle.com/en/java/javase/21/core/virtual-threads.html\n[okio_2_9_0]: https://square.github.io/okio/changelog/#version-290\n[okio_3_0_0]: https://square.github.io/okio/changelog/#version-300\n[okio_3_12_0]: https://square.github.io/okio/changelog/#version-3120\n[okio_3_13_0]: https://square.github.io/okio/changelog/#version-3130\n[okio_3_15_0]: https://square.github.io/okio/changelog/#version-3150\n[okio_3_16_0]: https://square.github.io/okio/changelog/#version-3160\n[okio_3_16_1]: https://square.github.io/okio/changelog/#version-3161\n[okio_3_16_2]: https://square.github.io/okio/changelog/#version-3162\n[okio_3_16_3]: https://square.github.io/okio/changelog/#version-3163\n[okio_3_16_4]: https://square.github.io/okio/changelog/#version-3164\n[okio_3_1_0]: https://square.github.io/okio/changelog/#version-310\n[okio_3_2_0]: https://square.github.io/okio/changelog/#version-320\n[okio_3_7_0]: https://square.github.io/okio/changelog/#version-370\n[okio_3_9_0]: https://square.github.io/okio/changelog/#version-390\n[rfc_8305]: https://tools.ietf.org/html/rfc8305\n[startup_1_2_0]: https://developer.android.com/jetpack/androidx/releases/startup#1.2.0\n[uts46]: https://www.unicode.org/reports/tr46\n[zstd]: https://github.com/facebook/zstd\n[zstd_kmp_0_4_0]: https://github.com/square/zstd-kmp/blob/main/CHANGELOG.md#version-040\n"
},
{
"path": "CONTRIBUTING.md",
"content": "Contributing\n============\n\nKeeping the project small and stable limits our ability to accept new contributors. We are not\nseeking new committers at this time, but some small contributions are welcome.\n\nIf you've found a security problem, please follow our [bug bounty][security] program.\n\nIf you've found a bug, please contribute a failing test case so we can study and fix it.\n\nIf you have a new feature idea, please build it in an external library. There are\n[many libraries][works_with_okhttp] that sit on top or hook in via existing APIs. If you build\nsomething that integrates with OkHttp, tell us so that we can link it!\n\nBefore code can be accepted all contributors must complete our\n[Individual Contributor License Agreement (CLA)][cla].\n\n\nCode Contributions\n------------------\n\nGet working code on a personal branch with tests passing before you submit a PR:\n\n```\n./gradlew clean check\n```\n\nPlease make every effort to follow existing conventions and style in order to keep the code as\nreadable as possible.\n\nContribute code changes through GitHub by forking the repository and sending a pull request. We\nsquash all pull requests on merge.\n\n\nGradle Setup\n------------\n\n```\n$ cat local.properties\nsdk.dir=PATH_TO_ANDROID_HOME/sdk\norg.gradle.caching=true\n```\n\nRunning Android Tests\n---------------------\n\n$ ANDROID_SDK_ROOT=PATH_TO_ANDROID_HOME/sdk ./gradlew :android-test:connectedCheck -PandroidBuild=true\n\nCommitter's Guides\n------------------\n\n * [Concurrency][concurrency]\n * [Debug Logging][debug_logging]\n * [Releasing][releasing]\n\n [cla]: https://spreadsheets.google.com/spreadsheet/viewform?formkey=dDViT2xzUHAwRkI3X3k5Z0lQM091OGc6MQ&ndplr=1\n [concurrency]: https://square.github.io/okhttp/concurrency/\n [debug_logging]: https://square.github.io/okhttp/debug_logging/\n [releasing]: https://square.github.io/okhttp/releasing/\n [security]: https://square.github.io/okhttp/security/\n [works_with_okhttp]: https://square.github.io/okhttp/works_with_okhttp/\n [okhttp_build]: https://github.com/square/okhttp/blob/master/okhttp/build.gradle\n"
},
{
"path": "LICENSE.txt",
"content": "\n Apache License\n Version 2.0, January 2004\n http://www.apache.org/licenses/\n\n TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n 1. Definitions.\n\n \"License\" shall mean the terms and conditions for use, reproduction,\n and distribution as defined by Sections 1 through 9 of this document.\n\n \"Licensor\" shall mean the copyright owner or entity authorized by\n the copyright owner that is granting the License.\n\n \"Legal Entity\" shall mean the union of the acting entity and all\n other entities that control, are controlled by, or are under common\n control with that entity. For the purposes of this definition,\n \"control\" means (i) the power, direct or indirect, to cause the\n direction or management of such entity, whether by contract or\n otherwise, or (ii) ownership of fifty percent (50%) or more of the\n outstanding shares, or (iii) beneficial ownership of such entity.\n\n \"You\" (or \"Your\") shall mean an individual or Legal Entity\n exercising permissions granted by this License.\n\n \"Source\" form shall mean the preferred form for making modifications,\n including but not limited to software source code, documentation\n source, and configuration files.\n\n \"Object\" form shall mean any form resulting from mechanical\n transformation or translation of a Source form, including but\n not limited to compiled object code, generated documentation,\n and conversions to other media types.\n\n \"Work\" shall mean the work of authorship, whether in Source or\n Object form, made available under the License, as indicated by a\n copyright notice that is included in or attached to the work\n (an example is provided in the Appendix below).\n\n \"Derivative Works\" shall mean any work, whether in Source or Object\n form, that is based on (or derived from) the Work and for which the\n editorial revisions, annotations, elaborations, or other modifications\n represent, as a whole, an original work of authorship. For the purposes\n of this License, Derivative Works shall not include works that remain\n separable from, or merely link (or bind by name) to the interfaces of,\n the Work and Derivative Works thereof.\n\n \"Contribution\" shall mean any work of authorship, including\n the original version of the Work and any modifications or additions\n to that Work or Derivative Works thereof, that is intentionally\n submitted to Licensor for inclusion in the Work by the copyright owner\n or by an individual or Legal Entity authorized to submit on behalf of\n the copyright owner. For the purposes of this definition, \"submitted\"\n means any form of electronic, verbal, or written communication sent\n to the Licensor or its representatives, including but not limited to\n communication on electronic mailing lists, source code control systems,\n and issue tracking systems that are managed by, or on behalf of, the\n Licensor for the purpose of discussing and improving the Work, but\n excluding communication that is conspicuously marked or otherwise\n designated in writing by the copyright owner as \"Not a Contribution.\"\n\n \"Contributor\" shall mean Licensor and any individual or Legal Entity\n on behalf of whom a Contribution has been received by Licensor and\n subsequently incorporated within the Work.\n\n 2. Grant of Copyright License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n copyright license to reproduce, prepare Derivative Works of,\n publicly display, publicly perform, sublicense, and distribute the\n Work and such Derivative Works in Source or Object form.\n\n 3. Grant of Patent License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n (except as stated in this section) patent license to make, have made,\n use, offer to sell, sell, import, and otherwise transfer the Work,\n where such license applies only to those patent claims licensable\n by such Contributor that are necessarily infringed by their\n Contribution(s) alone or by combination of their Contribution(s)\n with the Work to which such Contribution(s) was submitted. If You\n institute patent litigation against any entity (including a\n cross-claim or counterclaim in a lawsuit) alleging that the Work\n or a Contribution incorporated within the Work constitutes direct\n or contributory patent infringement, then any patent licenses\n granted to You under this License for that Work shall terminate\n as of the date such litigation is filed.\n\n 4. Redistribution. You may reproduce and distribute copies of the\n Work or Derivative Works thereof in any medium, with or without\n modifications, and in Source or Object form, provided that You\n meet the following conditions:\n\n (a) You must give any other recipients of the Work or\n Derivative Works a copy of this License; and\n\n (b) You must cause any modified files to carry prominent notices\n stating that You changed the files; and\n\n (c) You must retain, in the Source form of any Derivative Works\n that You distribute, all copyright, patent, trademark, and\n attribution notices from the Source form of the Work,\n excluding those notices that do not pertain to any part of\n the Derivative Works; and\n\n (d) If the Work includes a \"NOTICE\" text file as part of its\n distribution, then any Derivative Works that You distribute must\n include a readable copy of the attribution notices contained\n within such NOTICE file, excluding those notices that do not\n pertain to any part of the Derivative Works, in at least one\n of the following places: within a NOTICE text file distributed\n as part of the Derivative Works; within the Source form or\n documentation, if provided along with the Derivative Works; or,\n within a display generated by the Derivative Works, if and\n wherever such third-party notices normally appear. The contents\n of the NOTICE file are for informational purposes only and\n do not modify the License. You may add Your own attribution\n notices within Derivative Works that You distribute, alongside\n or as an addendum to the NOTICE text from the Work, provided\n that such additional attribution notices cannot be construed\n as modifying the License.\n\n You may add Your own copyright statement to Your modifications and\n may provide additional or different license terms and conditions\n for use, reproduction, or distribution of Your modifications, or\n for any such Derivative Works as a whole, provided Your use,\n reproduction, and distribution of the Work otherwise complies with\n the conditions stated in this License.\n\n 5. Submission of Contributions. Unless You explicitly state otherwise,\n any Contribution intentionally submitted for inclusion in the Work\n by You to the Licensor shall be under the terms and conditions of\n this License, without any additional terms or conditions.\n Notwithstanding the above, nothing herein shall supersede or modify\n the terms of any separate license agreement you may have executed\n with Licensor regarding such Contributions.\n\n 6. Trademarks. This License does not grant permission to use the trade\n names, trademarks, service marks, or product names of the Licensor,\n except as required for reasonable and customary use in describing the\n origin of the Work and reproducing the content of the NOTICE file.\n\n 7. Disclaimer of Warranty. Unless required by applicable law or\n agreed to in writing, Licensor provides the Work (and each\n Contributor provides its Contributions) on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n implied, including, without limitation, any warranties or conditions\n of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n PARTICULAR PURPOSE. You are solely responsible for determining the\n appropriateness of using or redistributing the Work and assume any\n risks associated with Your exercise of permissions under this License.\n\n 8. Limitation of Liability. In no event and under no legal theory,\n whether in tort (including negligence), contract, or otherwise,\n unless required by applicable law (such as deliberate and grossly\n negligent acts) or agreed to in writing, shall any Contributor be\n liable to You for damages, including any direct, indirect, special,\n incidental, or consequential damages of any character arising as a\n result of this License or out of the use or inability to use the\n Work (including but not limited to damages for loss of goodwill,\n work stoppage, computer failure or malfunction, or any and all\n other commercial damages or losses), even if such Contributor\n has been advised of the possibility of such damages.\n\n 9. Accepting Warranty or Additional Liability. While redistributing\n the Work or Derivative Works thereof, You may choose to offer,\n and charge a fee for, acceptance of support, warranty, indemnity,\n or other liability obligations and/or rights consistent with this\n License. However, in accepting such obligations, You may act only\n on Your own behalf and on Your sole responsibility, not on behalf\n of any other Contributor, and only if You agree to indemnify,\n defend, and hold each Contributor harmless for any liability\n incurred by, or claims asserted against, such Contributor by reason\n of your accepting any such warranty or additional liability.\n\n END OF TERMS AND CONDITIONS\n\n APPENDIX: How to apply the Apache License to your work.\n\n To apply the Apache License to your work, attach the following\n boilerplate notice, with the fields enclosed by brackets \"[]\"\n replaced with your own identifying information. (Don't include\n the brackets!) The text should be enclosed in the appropriate\n comment syntax for the file format. We also recommend that a\n file or class name and description of purpose be included on the\n same \"printed page\" as the copyright notice for easier\n identification within third-party archives.\n\n Copyright [yyyy] [name of copyright owner]\n\n Licensed under the Apache License, Version 2.0 (the \"License\");\n you may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\n Unless required by applicable law or agreed to in writing, software\n distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions and\n limitations under the License.\n"
},
{
"path": "README.md",
"content": "OkHttp\n======\n\nSee the [project website][okhttp] for documentation and APIs.\n\nHTTP is the way modern applications network. It’s how we exchange data & media. Doing HTTP\nefficiently makes your stuff load faster and saves bandwidth.\n\nOkHttp is an HTTP client that’s efficient by default:\n\n * HTTP/2 support allows all requests to the same host to share a socket.\n * Connection pooling reduces request latency (if HTTP/2 isn’t available).\n * Transparent GZIP shrinks download sizes.\n * Response caching avoids the network completely for repeat requests.\n\nOkHttp perseveres when the network is troublesome: it will silently recover from common connection\nproblems. If your service has multiple IP addresses, OkHttp will attempt alternate addresses if the\nfirst connect fails. This is necessary for IPv4+IPv6 and services hosted in redundant data\ncenters. OkHttp supports modern TLS features (TLS 1.3, ALPN, certificate pinning). It can be\nconfigured to fall back for broad connectivity.\n\nUsing OkHttp is easy. Its request/response API is designed with fluent builders and immutability. It\nsupports both synchronous blocking calls and async calls with callbacks.\n\nA well behaved user agent\n-------------------------\n\nOkHttp follows modern HTTP specifications such as\n\n* HTTP Semantics - [RFC 9110](https://datatracker.ietf.org/doc/html/rfc9110)\n* HTTP Caching- [RFC 9111](https://datatracker.ietf.org/doc/html/rfc9111)\n* HTTP/1.1 - [RFC 9112](https://datatracker.ietf.org/doc/html/rfc9112)\n* HTTP/2 - [RFC 9113](https://datatracker.ietf.org/doc/html/rfc9113)\n* Websockets - [RFC 6455](https://datatracker.ietf.org/doc/html/rfc6455)\n* SSE - [Server-sent events](https://html.spec.whatwg.org/multipage/server-sent-events.html#server-sent-events)\n\nWhere the spec is ambiguous, OkHttp follows modern user agents such as popular Browsers or common HTTP Libraries.\n\nOkHttp is principled and avoids being overly configurable, especially when such configuration is\nto workaround a buggy server, test invalid scenarios or that contradict the relevant RFC.\nOther HTTP libraries exist that fill that gap allowing extensive customisation including potentially\ninvalid requests.\n\nExample Limitations\n\n* Does not allow GET with a body.\n* Cache is not an interface with alternative implementations.\n\nGet a URL\n---------\n\nThis program downloads a URL and prints its contents as a string. [Full source][get_example].\n\n```java\nOkHttpClient client = new OkHttpClient();\n\nString run(String url) throws IOException {\n Request request = new Request.Builder()\n .url(url)\n .build();\n\n try (Response response = client.newCall(request).execute()) {\n return response.body().string();\n }\n}\n```\n\n\nPost to a Server\n----------------\n\nThis program posts data to a service. [Full source][post_example].\n\n```java\npublic static final MediaType JSON = MediaType.get(\"application/json\");\n\nOkHttpClient client = new OkHttpClient();\n\nString post(String url, String json) throws IOException {\n RequestBody body = RequestBody.create(json, JSON);\n Request request = new Request.Builder()\n .url(url)\n .post(body)\n .build();\n try (Response response = client.newCall(request).execute()) {\n return response.body().string();\n }\n}\n```\n\nFurther examples are on the [OkHttp Recipes page][recipes].\n\n\nRequirements\n------------\n\nOkHttp works on Android 5.0+ (API level 21+) and Java 8+.\n\nOn Android, OkHttp uses [AndroidX Startup][androidx_startup]. If you disable the initializer in the manifest,\nthen apps are responsible for calling `OkHttp.initialize(applicationContext)` in `Application.onCreate`.\n\nOkHttp depends on [Okio][okio] for high-performance I/O and the [Kotlin standard library][kotlin]. Both are small libraries with strong backward-compatibility.\n\nWe highly recommend you keep OkHttp up-to-date. As with auto-updating web browsers, staying current\nwith HTTPS clients is an important defense against potential security problems. [We\ntrack][tls_history] the dynamic TLS ecosystem and adjust OkHttp to improve connectivity and\nsecurity.\n\nOkHttp uses your platform's built-in TLS implementation. On Java platforms OkHttp also supports\n[Conscrypt][conscrypt], which integrates [BoringSSL](https://github.com/google/boringssl) with Java. OkHttp will use Conscrypt if it is\nthe first security provider:\n\n```java\nSecurity.insertProviderAt(Conscrypt.newProvider(), 1);\n```\n\nThe OkHttp `3.12.x` branch supports Android 2.3+ (API level 9+) and Java 7+. These platforms lack\nsupport for TLS 1.2 and should not be used.\n\n\nReleases\n--------\n\nOur [change log][changelog] has release history.\n\nThe latest release is available on [Maven Central](https://search.maven.org/artifact/com.squareup.okhttp3/okhttp/5.3.0/jar).\n\n```kotlin\nimplementation(\"com.squareup.okhttp3:okhttp:5.3.0\")\n```\n\nSnapshot builds are [available][snap]. [R8 and ProGuard][r8_proguard] rules are available.\n\nAlso, we have a [bill of materials (BOM)][bom] available to help you keep OkHttp artifacts up to date and be sure about version compatibility.\n\n```kotlin\n dependencies {\n // define a BOM and its version\n implementation(platform(\"com.squareup.okhttp3:okhttp-bom:5.3.0\"))\n\n // define any required OkHttp artifacts without version\n implementation(\"com.squareup.okhttp3:okhttp\")\n implementation(\"com.squareup.okhttp3:logging-interceptor\")\n }\n```\n\nMaven and JVM Projects\n----------------------\n\nOkHttp is published as a Kotlin Multiplatform project. While Gradle handles this automatically,\nMaven projects must select between `okhttp-jvm` and `okhttp-android`. The `okhttp` artifact will be empty in\nMaven projects.\n\n```xml\n\n \n \n com.squareup.okhttp3\n okhttp-bom\n 5.2.0\n pom\n import\n \n \n\n```\n\n\n\n```xml\n\n com.squareup.okhttp3\n okhttp-jvm\n \n 5.1.0\n\n\n\n com.squareup.okhttp3\n mockwebserver3\n\n\n\n com.squareup.okhttp3\n logging-interceptor\n\n```\n\nMockWebServer\n-------------\n\nOkHttp includes a library for testing HTTP, HTTPS, and HTTP/2 clients.\n\nThe latest release is available on [Maven Central](https://search.maven.org/artifact/com.squareup.okhttp3/mockwebserver/5.3.0/jar).\n\n```kotlin\ntestImplementation(\"com.squareup.okhttp3:mockwebserver3:5.3.0\")\n```\n\nMockWebServer is used for firstly for internal testing, and for basic testing of apps using OkHttp client.\nIt is not a full featured HTTP testing library that is developed standalone. It is not being actively developed\nfor new features. As such you might find your needs outgrow MockWebServer and you may which to use a\nmore full featured testing library such as [MockServer](https://www.mock-server.com/).\n\nGraalVM Native Image\n--------------------\n\nBuilding your native images with [GraalVM] should work automatically.\n\nSee the okcurl module for an example build.\n\n```shell\n$ ./gradlew okcurl:nativeImage\n$ ./okcurl/build/graal/okcurl https://httpbin.org/get\n```\n\nJava Modules\n------------\n\nOkHttp (5.2+) implements Java 9 Modules.\n\nWith this in place Java builds should fail if apps attempt to use internal packages.\n\n```\nerror: package okhttp3.internal.platform is not visible\n okhttp3.internal.platform.Platform.get();\n ^\n (package okhttp3.internal.platform is declared in module okhttp3,\n which does not export it to module com.bigco.sdk)\n```\n\nThe stable public API is based on the list of defined modules:\n\n- okhttp3\n- okhttp3.brotli\n- okhttp3.coroutines\n- okhttp3.dnsoverhttps\n- okhttp3.java.net.cookiejar\n- okhttp3.logging\n- okhttp3.sse\n- okhttp3.tls\n- okhttp3.urlconnection\n- mockwebserver3\n- mockwebserver3.junit4\n- mockwebserver3.junit5\n\nLicense\n-------\n\n```\nCopyright 2019 Square, Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n\n [GraalVM]: https://www.graalvm.org/\n [androidx_startup]: https://developer.android.com/jetpack/androidx/releases/startup\n [bom]: https://docs.gradle.org/6.2/userguide/platforms.html#sub:bom_import\n [changelog]: https://square.github.io/okhttp/changelog/\n [conscrypt]: https://github.com/google/conscrypt/\n [get_example]: https://raw.github.com/square/okhttp/master/samples/guide/src/main/java/okhttp3/guide/GetExample.java\n [kotlin]: https://kotlinlang.org/\n [okhttp3_pro]: https://raw.githubusercontent.com/square/okhttp/master/okhttp/src/main/resources/META-INF/proguard/okhttp3.pro\n [okhttp]: https://square.github.io/okhttp/\n [okhttp_312x]: https://github.com/square/okhttp/tree/okhttp_3.12.x\n [okio]: https://github.com/square/okio\n [post_example]: https://raw.github.com/square/okhttp/master/samples/guide/src/main/java/okhttp3/guide/PostExample.java\n [r8_proguard]: https://square.github.io/okhttp/features/r8_proguard/\n [recipes]: https://square.github.io/okhttp/recipes/\n [snap]: https://s01.oss.sonatype.org/content/repositories/snapshots/\n [tls_history]: https://square.github.io/okhttp/tls_configuration_history/\n"
},
{
"path": "android-test/build.gradle.kts",
"content": "import okhttp3.buildsupport.androidBuild\n\nplugins {\n id(\"okhttp.base-conventions\")\n id(\"com.android.library\")\n id(\"de.mannodermaus.android-junit5\")\n}\n\nandroid {\n compileSdk = 36\n\n namespace = \"okhttp.android.test\"\n\n defaultConfig {\n minSdk = 21\n\n // Make sure to use the AndroidJUnitRunner (or a sub-class) in order to hook in the JUnit 5 Test Builder\n testInstrumentationRunner = \"androidx.test.runner.AndroidJUnitRunner\"\n testInstrumentationRunnerArguments += mapOf(\n \"runnerBuilder\" to \"de.mannodermaus.junit5.AndroidJUnit5Builder\",\n \"notPackage\" to \"org.bouncycastle\",\n \"configurationParameters\" to \"junit.jupiter.extensions.autodetection.enabled=true\"\n )\n }\n\n if (androidBuild) {\n sourceSets[\"androidTest\"].java.srcDirs(\n \"../okhttp-brotli/src/test/java\",\n \"../okhttp-dnsoverhttps/src/test/java\",\n \"../okhttp-logging-interceptor/src/test/java\",\n \"../okhttp-sse/src/test/java\"\n )\n }\n\n compileOptions {\n targetCompatibility(JavaVersion.VERSION_11)\n sourceCompatibility(JavaVersion.VERSION_11)\n }\n\n testOptions {\n targetSdk = 34\n unitTests.isIncludeAndroidResources = true\n }\n\n\n // issue merging due to conflict with httpclient and something else\n packagingOptions.resources.excludes += setOf(\n \"META-INF/DEPENDENCIES\",\n \"META-INF/LICENSE.md\",\n \"META-INF/LICENSE-notice.md\",\n \"README.txt\",\n \"org/bouncycastle/LICENSE\",\n \"META-INF/versions/9/OSGI-INF/MANIFEST.MF\"\n )\n}\n\ndependencies {\n implementation(libs.kotlin.reflect)\n implementation(libs.playservices.safetynet)\n \"friendsImplementation\"(projects.okhttp)\n \"friendsImplementation\"(projects.okhttpDnsoverhttps)\n\n testImplementation(projects.okhttp)\n testImplementation(libs.junit)\n testImplementation(libs.junit.ktx)\n testImplementation(libs.assertk)\n testImplementation(projects.okhttpTls)\n \"friendsTestImplementation\"(projects.loggingInterceptor)\n testImplementation(libs.androidx.test.runner)\n testImplementation(libs.robolectric)\n testImplementation(libs.androidx.espresso.core)\n testImplementation(libs.square.okio.fakefilesystem)\n testImplementation(projects.okhttpTestingSupport)\n testImplementation(libs.conscrypt.openjdk)\n testImplementation(libs.junit.jupiter.engine)\n testImplementation(libs.junit.vintage.engine)\n\n androidTestImplementation(projects.okhttpTestingSupport) {\n exclude(\"org.openjsse\", \"openjsse\")\n exclude(\"org.conscrypt\", \"conscrypt-openjdk-uber\")\n exclude(\"software.amazon.cryptools\", \"AmazonCorrettoCryptoProvider\")\n }\n androidTestImplementation(libs.assertk)\n androidTestImplementation(libs.bouncycastle.bcprov)\n androidTestImplementation(libs.bouncycastle.bctls)\n androidTestImplementation(libs.conscrypt.android)\n androidTestImplementation(projects.mockwebserver3Junit4)\n androidTestImplementation(projects.mockwebserver3Junit5)\n androidTestImplementation(projects.okhttpBrotli)\n androidTestImplementation(projects.okhttpZstd)\n androidTestImplementation(projects.okhttpDnsoverhttps)\n androidTestImplementation(projects.loggingInterceptor)\n androidTestImplementation(projects.okhttpSse)\n androidTestImplementation(projects.okhttpTls)\n androidTestImplementation(libs.androidx.junit)\n androidTestImplementation(libs.androidx.espresso.core)\n androidTestImplementation(libs.http.client5)\n androidTestImplementation(libs.kotlin.test.common)\n androidTestImplementation(libs.kotlin.test.junit)\n androidTestImplementation(libs.square.moshi)\n androidTestImplementation(libs.square.moshi.kotlin)\n androidTestImplementation(libs.square.okio.fakefilesystem)\n\n androidTestImplementation(libs.androidx.test.runner)\n androidTestImplementation(libs.junit.jupiter.api)\n androidTestImplementation(libs.junit5android.core)\n androidTestRuntimeOnly(libs.junit5android.runner)\n}\n\njunitPlatform {\n filters {\n excludeTags(\"Remote\")\n }\n}\n"
},
{
"path": "android-test/src/androidDeviceTest/README.md",
"content": "Android Test\n============\n\nA gradle module for running Android instrumentation tests on a device or emulator.\n\n1. Add an Emulator named `pixel5`, if you don't already have one\n\n```\n$ sdkmanager --install \"system-images;android-29;google_apis;x86\"\n$ echo \"no\" | avdmanager --verbose create avd --force --name \"pixel5\" --device \"pixel\" --package \"system-images;android-29;google_apis;x86\" --tag \"google_apis\" --abi \"x86\"\n```\n\n2. Run an Emulator using Android Studio or from command line.\n\n```\n$ emulator -no-window -no-snapshot-load @pixel5\n```\n\n2. Turn on logs with logcat\n\n```\n$ adb logcat '*:E' OkHttp:D Http2:D TestRunner:D TaskRunner:D OkHttpTest:D GnssHAL_GnssInterface:F DeviceStateChecker:F memtrack:F\n...\n01-01 12:53:32.811 10999 11089 D OkHttp : [49 ms] responseHeadersEnd: Response{protocol=h2, code=200, message=, url=https://1.1.1.1/dns-query?dns=AAABAAABAAAAAAAAA3d3dwhmYWNlYm9vawNjb20AABwAAQ}\n01-01 12:53:32.811 10999 11089 D OkHttp : [49 ms] responseBodyStart\n01-01 12:53:32.811 10999 11089 D OkHttp : [49 ms] responseBodyEnd: byteCount=128\n01-01 12:53:32.811 10999 11089 D OkHttp : [49 ms] connectionReleased\n01-01 12:53:32.811 10999 11089 D OkHttp : [49 ms] callEnd\n01-01 12:53:32.816 10999 11090 D OkHttp : [54 ms] responseHeadersStart\n01-01 12:53:32.816 10999 11090 D OkHttp : [54 ms] responseHeadersEnd: Response{protocol=h2, code=200, message=, url=https://1.1.1.1/dns-query?dns=AAABAAABAAAAAAAAA3d3dwhmYWNlYm9vawNjb20AAAEAAQ}\n01-01 12:53:32.817 10999 11090 D OkHttp : [55 ms] responseBodyStart\n01-01 12:53:32.818 10999 11090 D OkHttp : [56 ms] responseBodyEnd: byteCount=128\n01-01 12:53:32.818 10999 11090 D OkHttp : [56 ms] connectionReleased\n01-01 12:53:32.818 10999 11090 D OkHttp : [56 ms] callEnd\n```\n\n3. Run tests using gradle\n\n```\n$ ANDROID_SDK_ROOT=/Users/myusername/Library/Android/sdk ./gradlew :android-test:connectedCheck -PandroidBuild=true\n...\n> Task :android-test:connectedDebugAndroidTest\n...\n11:55:40 V/InstrumentationResultParser: Time: 13.271\n11:55:40 V/InstrumentationResultParser:\n11:55:40 V/InstrumentationResultParser: OK (12 tests)\n...\n11:55:40 I/XmlResultReporter: XML test result file generated at /Users/myusername/workspace/okhttp/android-test/build/outputs/androidTest-results/connected/TEST-pixel3a-Q(AVD) - 10-android-test-.xml. Total tests 13, passed 11, assumption_failure 1, ignored 1,\n...\nBUILD SUCCESSFUL in 1m 30s\n63 actionable tasks: 61 executed, 2 up-to-date\n\n```\n\nn.b. use ANDROID_SERIAL=emulator-5554 or similar if you need to select between devices.\n"
},
{
"path": "android-test/src/androidDeviceTest/java/okhttp/android/test/OkHttpTest.kt",
"content": "/*\n * Copyright (C) 2019 Square, Inc.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage okhttp.android.test\n\nimport android.content.Context\nimport android.os.Build\nimport androidx.test.core.app.ApplicationProvider\nimport androidx.test.platform.app.InstrumentationRegistry\nimport com.google.android.gms.common.GooglePlayServicesNotAvailableException\nimport com.google.android.gms.security.ProviderInstaller\nimport com.squareup.moshi.Moshi\nimport com.squareup.moshi.kotlin.reflect.KotlinJsonAdapterFactory\nimport java.io.IOException\nimport java.net.InetAddress\nimport java.net.UnknownHostException\nimport java.security.KeyStore\nimport java.security.SecureRandom\nimport java.security.Security\nimport java.security.cert.Certificate\nimport java.security.cert.CertificateException\nimport java.security.cert.X509Certificate\nimport java.util.concurrent.atomic.AtomicInteger\nimport java.util.logging.Handler\nimport java.util.logging.Level\nimport java.util.logging.LogRecord\nimport java.util.logging.Logger\nimport javax.net.ssl.HostnameVerifier\nimport javax.net.ssl.SSLPeerUnverifiedException\nimport javax.net.ssl.SSLSocket\nimport javax.net.ssl.TrustManagerFactory\nimport javax.net.ssl.X509TrustManager\nimport mockwebserver3.MockResponse\nimport mockwebserver3.MockWebServer\nimport mockwebserver3.junit5.StartStop\nimport okhttp3.Cache\nimport okhttp3.Call\nimport okhttp3.CallEvent.CallEnd\nimport okhttp3.CallEvent.CallStart\nimport okhttp3.CallEvent.ConnectEnd\nimport okhttp3.CallEvent.ConnectStart\nimport okhttp3.CallEvent.ConnectionAcquired\nimport okhttp3.CallEvent.ConnectionReleased\nimport okhttp3.CallEvent.DnsEnd\nimport okhttp3.CallEvent.DnsStart\nimport okhttp3.CallEvent.FollowUpDecision\nimport okhttp3.CallEvent.ProxySelectEnd\nimport okhttp3.CallEvent.ProxySelectStart\nimport okhttp3.CallEvent.RequestHeadersEnd\nimport okhttp3.CallEvent.RequestHeadersStart\nimport okhttp3.CallEvent.ResponseBodyEnd\nimport okhttp3.CallEvent.ResponseBodyStart\nimport okhttp3.CallEvent.ResponseHeadersEnd\nimport okhttp3.CallEvent.ResponseHeadersStart\nimport okhttp3.CallEvent.SecureConnectEnd\nimport okhttp3.CallEvent.SecureConnectStart\nimport okhttp3.CertificatePinner\nimport okhttp3.CompressionInterceptor\nimport okhttp3.Connection\nimport okhttp3.DelegatingSSLSocket\nimport okhttp3.DelegatingSSLSocketFactory\nimport okhttp3.EventListener\nimport okhttp3.EventRecorder\nimport okhttp3.Gzip\nimport okhttp3.Headers\nimport okhttp3.HttpUrl.Companion.toHttpUrl\nimport okhttp3.OkHttpClient\nimport okhttp3.OkHttpClientTestRule\nimport okhttp3.Protocol\nimport okhttp3.Request\nimport okhttp3.TlsVersion\nimport okhttp3.brotli.Brotli\nimport okhttp3.dnsoverhttps.DnsOverHttps\nimport okhttp3.internal.concurrent.TaskRunner\nimport okhttp3.internal.http2.Http2\nimport okhttp3.internal.platform.Android10Platform\nimport okhttp3.internal.platform.AndroidPlatform\nimport okhttp3.internal.platform.Platform\nimport okhttp3.internal.platform.PlatformRegistry\nimport okhttp3.logging.LoggingEventListener\nimport okhttp3.testing.PlatformRule\nimport okhttp3.tls.HandshakeCertificates\nimport okhttp3.tls.internal.TlsUtil.localhost\nimport okhttp3.zstd.Zstd\nimport okio.ByteString.Companion.toByteString\nimport org.bouncycastle.jce.provider.BouncyCastleProvider\nimport org.bouncycastle.jsse.provider.BouncyCastleJsseProvider\nimport org.conscrypt.Conscrypt\nimport org.junit.jupiter.api.Assertions.assertEquals\nimport org.junit.jupiter.api.Assertions.assertFalse\nimport org.junit.jupiter.api.Assertions.assertNotNull\nimport org.junit.jupiter.api.Assertions.assertNull\nimport org.junit.jupiter.api.Assertions.assertTrue\nimport org.junit.jupiter.api.Assertions.fail\nimport org.junit.jupiter.api.Assumptions.assumeTrue\nimport org.junit.jupiter.api.BeforeEach\nimport org.junit.jupiter.api.Disabled\nimport org.junit.jupiter.api.Tag\nimport org.junit.jupiter.api.Test\nimport org.junit.jupiter.api.extension.RegisterExtension\nimport org.opentest4j.TestAbortedException\n\n@Tag(\"Slow\")\nclass OkHttpTest {\n @Suppress(\"RedundantVisibilityModifier\")\n @JvmField\n @RegisterExtension\n public val platform = PlatformRule()\n\n @Suppress(\"RedundantVisibilityModifier\")\n @JvmField\n @RegisterExtension\n public val clientTestRule =\n OkHttpClientTestRule().apply {\n logger = Logger.getLogger(OkHttpTest::class.java.name)\n }\n\n private var client: OkHttpClient =\n clientTestRule\n .newClientBuilder()\n .addInterceptor(CompressionInterceptor(Zstd, Brotli, Gzip))\n .build()\n\n private val moshi =\n Moshi\n .Builder()\n .add(KotlinJsonAdapterFactory())\n .build()\n\n private val handshakeCertificates = localhost()\n\n @StartStop\n private val server = MockWebServer()\n\n @BeforeEach\n fun setup() {\n // Needed because of Platform.resetForTests\n PlatformRegistry.applicationContext = ApplicationProvider.getApplicationContext()\n }\n\n @Test\n fun testPlatform() {\n assertTrue(Platform.isAndroid)\n\n if (Build.VERSION.SDK_INT >= 29) {\n assertTrue(Platform.get() is Android10Platform)\n } else {\n assertTrue(Platform.get() is AndroidPlatform)\n }\n }\n\n @Test\n fun testRequest() {\n assumeNetwork()\n\n val request = Request.Builder().url(\"https://api.twitter.com/robots.txt\").build()\n\n val response = client.newCall(request).execute()\n\n response.use {\n assertEquals(200, response.code)\n }\n }\n\n @Test\n fun testLocalhostInsecure() {\n assumeTrue(Build.VERSION.SDK_INT >= 24)\n\n val clientCertificates =\n HandshakeCertificates\n .Builder()\n .apply {\n if (Build.VERSION.SDK_INT >= 24) {\n addInsecureHost(server.hostName)\n }\n }.build()\n\n client =\n client\n .newBuilder()\n .sslSocketFactory(clientCertificates.sslSocketFactory(), clientCertificates.trustManager)\n .build()\n\n localhostInsecureRequest()\n }\n\n @Test\n fun testRequestWithSniRequirement() {\n assumeNetwork()\n\n val request = Request.Builder().url(\"https://docs.fabric.io/android/changelog.html\").build()\n\n val response = client.newCall(request).execute()\n\n response.use {\n assertEquals(200, response.code)\n }\n }\n\n @Test\n fun testConscryptRequest() {\n assumeNetwork()\n\n try {\n Security.insertProviderAt(Conscrypt.newProviderBuilder().build(), 1)\n\n val request = Request.Builder().url(\"https://facebook.com/robots.txt\").build()\n\n var socketClass: String? = null\n\n // Need fresh client to reset sslSocketFactoryOrNull\n client =\n OkHttpClient\n .Builder()\n .eventListenerFactory(\n clientTestRule.wrap(\n object : EventListener() {\n override fun connectionAcquired(\n call: Call,\n connection: Connection,\n ) {\n socketClass = connection.socket().javaClass.name\n }\n },\n ),\n ).build()\n\n val response = client.newCall(request).execute()\n\n response.use {\n assertEquals(Protocol.HTTP_2, response.protocol)\n assertEquals(200, response.code)\n // see https://github.com/google/conscrypt/blob/b9463b2f74df42d85c73715a5f19e005dfb7b802/android/src/main/java/org/conscrypt/Platform.java#L613\n when {\n Build.VERSION.SDK_INT >= 24 -> {\n // Conscrypt 2.5+ defaults to SSLEngine-based SSLSocket\n assertEquals(\"org.conscrypt.Java8EngineSocket\", socketClass)\n }\n\n Build.VERSION.SDK_INT < 22 -> {\n assertEquals(\"org.conscrypt.KitKatPlatformOpenSSLSocketImplAdapter\", socketClass)\n }\n\n else -> {\n assertEquals(\"org.conscrypt.ConscryptFileDescriptorSocket\", socketClass)\n }\n }\n assertEquals(TlsVersion.TLS_1_3, response.handshake?.tlsVersion)\n }\n } finally {\n Security.removeProvider(\"Conscrypt\")\n client.close()\n }\n }\n\n @Test\n fun testConscryptRequestLocalhostInsecure() {\n try {\n Security.insertProviderAt(Conscrypt.newProviderBuilder().build(), 1)\n\n val clientCertificates =\n HandshakeCertificates\n .Builder()\n .addInsecureHost(server.hostName)\n .build()\n\n // Need fresh client to reset sslSocketFactoryOrNull\n client =\n OkHttpClient\n .Builder()\n .sslSocketFactory(clientCertificates.sslSocketFactory(), clientCertificates.trustManager)\n .build()\n\n localhostInsecureRequest()\n } finally {\n Security.removeProvider(\"Conscrypt\")\n client.close()\n }\n }\n\n @Test\n fun testRequestUsesPlayProvider() {\n assumeNetwork()\n\n try {\n try {\n ProviderInstaller.installIfNeeded(InstrumentationRegistry.getInstrumentation().targetContext)\n } catch (gpsnae: GooglePlayServicesNotAvailableException) {\n throw TestAbortedException(\"Google Play Services not available\", gpsnae)\n }\n\n val request = Request.Builder().url(\"https://facebook.com/robots.txt\").build()\n\n var socketClass: String? = null\n\n // Need fresh client to reset sslSocketFactoryOrNull\n client =\n OkHttpClient\n .Builder()\n .eventListenerFactory(\n clientTestRule.wrap(\n object : EventListener() {\n override fun connectionAcquired(\n call: Call,\n connection: Connection,\n ) {\n socketClass = connection.socket().javaClass.name\n }\n },\n ),\n ).build()\n\n val response = client.newCall(request).execute()\n\n response.use {\n assertEquals(Protocol.HTTP_2, response.protocol)\n assertEquals(200, response.code)\n assertEquals(\"com.google.android.gms.org.conscrypt.Java8FileDescriptorSocket\", socketClass)\n assertEquals(TlsVersion.TLS_1_2, response.handshake?.tlsVersion)\n }\n } finally {\n Security.removeProvider(\"GmsCore_OpenSSL\")\n client.close()\n }\n }\n\n @Test\n fun testRequestUsesPlayProviderLocalhostInsecure() {\n try {\n try {\n ProviderInstaller.installIfNeeded(InstrumentationRegistry.getInstrumentation().targetContext)\n } catch (gpsnae: GooglePlayServicesNotAvailableException) {\n throw TestAbortedException(\"Google Play Services not available\", gpsnae)\n }\n\n val clientCertificates =\n HandshakeCertificates\n .Builder()\n .addPlatformTrustedCertificates()\n .addInsecureHost(server.hostName)\n .build()\n\n // Need fresh client to reset sslSocketFactoryOrNull\n client =\n OkHttpClient\n .Builder()\n .sslSocketFactory(clientCertificates.sslSocketFactory(), clientCertificates.trustManager)\n .build()\n\n localhostInsecureRequest()\n } finally {\n Security.removeProvider(\"GmsCore_OpenSSL\")\n client.close()\n }\n }\n\n private fun localhostInsecureRequest() {\n server.useHttps(handshakeCertificates.sslSocketFactory())\n\n server.enqueue(MockResponse())\n\n val request = Request.Builder().url(server.url(\"/\")).build()\n\n client.newCall(request).execute().use {\n assertEquals(200, it.code)\n assertEquals(listOf(), it.handshake?.peerCertificates)\n }\n }\n\n @Test\n fun testRequestUsesAndroidConscrypt() {\n assumeNetwork()\n\n val request = Request.Builder().url(\"https://facebook.com/robots.txt\").build()\n\n var socketClass: String? = null\n\n client =\n client\n .newBuilder()\n .eventListenerFactory(\n clientTestRule.wrap(\n object : EventListener() {\n override fun connectionAcquired(\n call: Call,\n connection: Connection,\n ) {\n socketClass = connection.socket().javaClass.name\n }\n },\n ),\n ).build()\n\n val response = client.newCall(request).execute()\n\n response.use {\n assertEquals(Protocol.HTTP_2, response.protocol)\n if (Build.VERSION.SDK_INT >= 29) {\n assertEquals(TlsVersion.TLS_1_3, response.handshake?.tlsVersion)\n } else {\n assertEquals(TlsVersion.TLS_1_2, response.handshake?.tlsVersion)\n }\n assertEquals(200, response.code)\n assertTrue(socketClass?.startsWith(\"com.android.org.conscrypt.\") == true)\n }\n }\n\n @Test\n fun testRequestUsesAndroidConscryptLocalhostInsecure() {\n assumeTrue(Build.VERSION.SDK_INT >= 24)\n\n val clientCertificates =\n HandshakeCertificates\n .Builder()\n .addPlatformTrustedCertificates()\n .apply {\n if (Build.VERSION.SDK_INT >= 24) {\n addInsecureHost(server.hostName)\n }\n }.build()\n\n client =\n client\n .newBuilder()\n .sslSocketFactory(clientCertificates.sslSocketFactory(), clientCertificates.trustManager)\n .build()\n\n localhostInsecureRequest()\n }\n\n @Test\n fun testHttpRequestNotBlockedOnLegacyAndroid() {\n assumeTrue(Build.VERSION.SDK_INT < 23)\n\n val request = Request.Builder().url(\"http://squareup.com/robots.txt\").build()\n\n val response = client.newCall(request).execute()\n\n response.use {\n assertEquals(200, response.code)\n }\n }\n\n @Test\n @Disabled(\"cleartext required for additional okhttp wide tests\")\n fun testHttpRequestBlocked() {\n assumeTrue(Build.VERSION.SDK_INT >= 23)\n\n val request = Request.Builder().url(\"http://squareup.com/robots.txt\").build()\n\n try {\n client.newCall(request).execute()\n fail(\"expected cleartext blocking\")\n } catch (_: java.net.UnknownServiceException) {\n }\n }\n\n data class HowsMySslResults(\n val unknown_cipher_suite_supported: Boolean,\n val beast_vuln: Boolean,\n val session_ticket_supported: Boolean,\n val tls_compression_supported: Boolean,\n val ephemeral_keys_supported: Boolean,\n val rating: String,\n val tls_version: String,\n val able_to_detect_n_minus_one_splitting: Boolean,\n val insecure_cipher_suites: Map>,\n val given_cipher_suites: List?,\n )\n\n @Test\n @Disabled\n fun testSSLFeatures() {\n assumeNetwork()\n\n val request = Request.Builder().url(\"https://www.howsmyssl.com/a/check\").build()\n\n val response = client.newCall(request).execute()\n\n val results =\n response.use {\n moshi.adapter(HowsMySslResults::class.java).fromJson(response.body.string())!!\n }\n\n Platform.get().log(\"results $results\", Platform.WARN)\n\n assertTrue(results.session_ticket_supported)\n assertEquals(\"Probably Okay\", results.rating)\n // TODO map to expected versions automatically, test ignored for now. Run manually.\n assertEquals(\"TLS 1.3\", results.tls_version)\n assertEquals(0, results.insecure_cipher_suites.size)\n\n assertEquals(TlsVersion.TLS_1_3, response.handshake?.tlsVersion)\n assertEquals(Protocol.HTTP_2, response.protocol)\n }\n\n @Test\n fun testMockWebserverRequest() {\n enableTls()\n\n server.enqueue(MockResponse(body = \"abc\"))\n\n val request = Request.Builder().url(server.url(\"/\")).build()\n\n val response = client.newCall(request).execute()\n\n response.use {\n assertEquals(200, response.code)\n assertEquals(Protocol.HTTP_2, response.protocol)\n val tlsVersion = response.handshake?.tlsVersion\n assertTrue(tlsVersion == TlsVersion.TLS_1_2 || tlsVersion == TlsVersion.TLS_1_3)\n assertEquals(\n \"CN=localhost\",\n (response.handshake!!.peerCertificates.first() as X509Certificate).subjectDN.name,\n )\n }\n }\n\n @Test\n fun testCertificatePinningFailure() {\n enableTls()\n\n val certificatePinner =\n CertificatePinner\n .Builder()\n .add(server.hostName, \"sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\")\n .build()\n client = client.newBuilder().certificatePinner(certificatePinner).build()\n\n server.enqueue(MockResponse(body = \"abc\"))\n\n val request = Request.Builder().url(server.url(\"/\")).build()\n\n try {\n client.newCall(request).execute()\n fail(\"\")\n } catch (_: SSLPeerUnverifiedException) {\n }\n }\n\n @Test\n fun testCertificatePinningSuccess() {\n enableTls()\n\n val certificatePinner =\n CertificatePinner\n .Builder()\n .add(\n server.hostName,\n CertificatePinner.pin(handshakeCertificates.trustManager.acceptedIssuers[0]),\n ).build()\n client = client.newBuilder().certificatePinner(certificatePinner).build()\n\n server.enqueue(MockResponse(body = \"abc\"))\n\n val request = Request.Builder().url(server.url(\"/\")).build()\n\n val response = client.newCall(request).execute()\n\n response.use {\n assertEquals(200, response.code)\n }\n }\n\n @Test\n fun testEventListener() {\n val eventRecorder = EventRecorder()\n\n enableTls()\n\n client =\n client\n .newBuilder()\n .eventListenerFactory(clientTestRule.wrap(eventRecorder))\n .build()\n\n server.enqueue(MockResponse(body = \"abc1\"))\n server.enqueue(MockResponse(body = \"abc2\"))\n\n val request = Request.Builder().url(server.url(\"/\")).build()\n\n client.newCall(request).execute().use { response ->\n assertEquals(200, response.code)\n }\n\n assertEquals(\n listOf(\n CallStart::class,\n ProxySelectStart::class,\n ProxySelectEnd::class,\n DnsStart::class,\n DnsEnd::class,\n ConnectStart::class,\n SecureConnectStart::class,\n SecureConnectEnd::class,\n ConnectEnd::class,\n ConnectionAcquired::class,\n RequestHeadersStart::class,\n RequestHeadersEnd::class,\n ResponseHeadersStart::class,\n ResponseHeadersEnd::class,\n FollowUpDecision::class,\n ResponseBodyStart::class,\n ResponseBodyEnd::class,\n ConnectionReleased::class,\n CallEnd::class,\n ),\n eventRecorder.recordedEventTypes(),\n )\n\n eventRecorder.clearAllEvents()\n\n client.newCall(request).execute().use { response ->\n assertEquals(200, response.code)\n }\n\n assertEquals(\n listOf(\n CallStart::class,\n ConnectionAcquired::class,\n RequestHeadersStart::class,\n RequestHeadersEnd::class,\n ResponseHeadersStart::class,\n ResponseHeadersEnd::class,\n FollowUpDecision::class,\n ResponseBodyStart::class,\n ResponseBodyEnd::class,\n ConnectionReleased::class,\n CallEnd::class,\n ),\n eventRecorder.recordedEventTypes(),\n )\n }\n\n @Test\n fun testSessionReuse() {\n val sessionIds = mutableListOf()\n\n enableTls()\n\n client =\n client\n .newBuilder()\n .eventListenerFactory(\n clientTestRule.wrap(\n object : EventListener() {\n override fun connectionAcquired(\n call: Call,\n connection: Connection,\n ) {\n val sslSocket = connection.socket() as SSLSocket\n\n sessionIds.add(\n sslSocket.session.id\n .toByteString()\n .hex(),\n )\n }\n },\n ),\n ).build()\n\n server.enqueue(MockResponse(body = \"abc1\"))\n server.enqueue(MockResponse(body = \"abc2\"))\n\n val request = Request.Builder().url(server.url(\"/\")).build()\n\n client.newCall(request).execute().use { response ->\n assertEquals(200, response.code)\n }\n\n client.connectionPool.evictAll()\n assertEquals(0, client.connectionPool.connectionCount())\n\n client.newCall(request).execute().use { response ->\n assertEquals(200, response.code)\n }\n\n assertEquals(2, sessionIds.size)\n assertEquals(sessionIds[0], sessionIds[1])\n }\n\n @Test\n fun testDnsOverHttps() {\n assumeNetwork()\n\n client =\n client\n .newBuilder()\n .eventListenerFactory(clientTestRule.wrap(LoggingEventListener.Factory()))\n .build()\n\n val dohDns = buildCloudflareIp(client)\n val dohEnabledClient =\n client\n .newBuilder()\n .eventListener(EventListener.NONE)\n .dns(dohDns)\n .build()\n\n dohEnabledClient.get(\"https://www.twitter.com/robots.txt\")\n dohEnabledClient.get(\"https://www.facebook.com/robots.txt\")\n }\n\n @Test\n fun testCustomTrustManager() {\n assumeNetwork()\n\n val trustManager =\n object : X509TrustManager {\n override fun checkClientTrusted(\n chain: Array?,\n authType: String?,\n ) {}\n\n override fun checkServerTrusted(\n chain: Array?,\n authType: String?,\n ) {}\n\n override fun getAcceptedIssuers(): Array = arrayOf()\n }\n\n val sslContext =\n Platform.get().newSSLContext().apply {\n init(null, arrayOf(trustManager), null)\n }\n val sslSocketFactory = sslContext.socketFactory\n\n val hostnameVerifier = HostnameVerifier { _, _ -> true }\n\n client =\n client\n .newBuilder()\n .sslSocketFactory(sslSocketFactory, trustManager)\n .hostnameVerifier(hostnameVerifier)\n .build()\n\n client.get(\"https://www.facebook.com/robots.txt\")\n }\n\n @Test\n fun testCustomSSLSocketFactoryWithoutALPN() {\n enableTls()\n\n server.enqueue(MockResponse(body = \"abc\"))\n\n val sslSocketFactory = client.sslSocketFactory\n val trustManager = client.x509TrustManager!!\n\n val delegatingSocketFactory =\n object : DelegatingSSLSocketFactory(sslSocketFactory) {\n override fun configureSocket(sslSocket: SSLSocket): SSLSocket =\n object : DelegatingSSLSocket(sslSocket) {\n override fun getApplicationProtocol(): String = throw UnsupportedOperationException()\n }\n }\n\n client =\n client\n .newBuilder()\n .sslSocketFactory(delegatingSocketFactory, trustManager)\n .build()\n\n val request = Request.Builder().url(server.url(\"/\").toString()).build()\n val response = client.newCall(request).execute()\n response.use {\n assertEquals(200, response.code)\n assertEquals(Protocol.HTTP_1_1, response.protocol)\n }\n }\n\n @Test\n fun testCustomTrustManagerWithAndroidCheck() {\n assumeNetwork()\n\n var withHostCalled = false\n var withoutHostCalled = false\n val trustManager =\n object : X509TrustManager {\n override fun checkClientTrusted(\n chain: Array?,\n authType: String?,\n ) {}\n\n override fun checkServerTrusted(\n chain: Array?,\n authType: String?,\n ) {\n withoutHostCalled = true\n }\n\n // called by Android via reflection in X509TrustManagerExtensions\n @Suppress(\"unused\", \"UNUSED_PARAMETER\")\n fun checkServerTrusted(\n chain: Array,\n authType: String,\n hostname: String,\n ): List {\n withHostCalled = true\n return chain.toList()\n }\n\n override fun getAcceptedIssuers(): Array = arrayOf()\n }\n\n val sslContext =\n Platform.get().newSSLContext().apply {\n init(null, arrayOf(trustManager), null)\n }\n val sslSocketFactory = sslContext.socketFactory\n\n val hostnameVerifier = HostnameVerifier { _, _ -> true }\n\n client =\n client\n .newBuilder()\n .sslSocketFactory(sslSocketFactory, trustManager)\n .hostnameVerifier(hostnameVerifier)\n .build()\n\n client.get(\"https://www.facebook.com/robots.txt\")\n\n if (Build.VERSION.SDK_INT < 24) {\n assertFalse(withHostCalled)\n assertTrue(withoutHostCalled)\n } else {\n assertTrue(withHostCalled)\n assertFalse(withoutHostCalled)\n }\n }\n\n @Test\n fun testUnderscoreRequest() {\n assumeNetwork()\n\n val request =\n Request.Builder().url(\"https://example_underscore_123.s3.amazonaws.com/\").build()\n\n try {\n client.newCall(request).execute().close()\n // Hopefully this passes\n } catch (ioe: IOException) {\n // https://github.com/square/okhttp/issues/5840\n when (ioe.cause) {\n is IllegalArgumentException -> {\n assertEquals(\"Android internal error\", ioe.message)\n }\n\n is CertificateException -> {\n assertTrue(ioe.cause?.cause is IllegalArgumentException)\n assertEquals(\n true,\n ioe.cause\n ?.cause\n ?.message\n ?.startsWith(\"Invalid input to toASCII\"),\n )\n }\n\n else -> {\n throw ioe\n }\n }\n }\n }\n\n @Test\n @Disabled(\"breaks conscrypt test\")\n fun testBouncyCastleRequest() {\n assumeNetwork()\n\n try {\n Security.insertProviderAt(BouncyCastleProvider(), 1)\n Security.insertProviderAt(BouncyCastleJsseProvider(), 2)\n\n var socketClass: String? = null\n\n val trustManager =\n TrustManagerFactory\n .getInstance(TrustManagerFactory.getDefaultAlgorithm())\n .apply {\n init(null as KeyStore?)\n }.trustManagers\n .first() as X509TrustManager\n\n val sslContext =\n Platform.get().newSSLContext().apply {\n // TODO remove most of this code after https://github.com/bcgit/bc-java/issues/686\n init(null, arrayOf(trustManager), SecureRandom())\n }\n\n client =\n client\n .newBuilder()\n .sslSocketFactory(sslContext.socketFactory, trustManager)\n .eventListenerFactory(\n clientTestRule.wrap(\n object : EventListener() {\n override fun connectionAcquired(\n call: Call,\n connection: Connection,\n ) {\n socketClass = connection.socket().javaClass.name\n }\n },\n ),\n ).build()\n\n val request = Request.Builder().url(\"https://facebook.com/robots.txt\").build()\n\n val response = client.newCall(request).execute()\n\n response.use {\n assertEquals(Protocol.HTTP_2, response.protocol)\n assertEquals(200, response.code)\n assertEquals(\"org.bouncycastle.jsse.provider.ProvSSLSocketWrap\", socketClass)\n assertEquals(TlsVersion.TLS_1_2, response.handshake?.tlsVersion)\n }\n } finally {\n Security.removeProvider(\"BCJSSE\")\n Security.removeProvider(\"BC\")\n }\n }\n\n @Test\n @Disabled(\"TODO: currently logging okhttp3.internal.concurrent.TaskRunner, okhttp3.internal.http2.Http2\")\n fun testLoggingLevels() {\n enableTls()\n\n val testHandler =\n object : Handler() {\n val calls = mutableMapOf()\n\n override fun publish(record: LogRecord) {\n calls\n .getOrPut(record.loggerName) { AtomicInteger(0) }\n .incrementAndGet()\n }\n\n override fun flush() {\n }\n\n override fun close() {\n }\n }.apply {\n level = Level.FINEST\n }\n\n Logger\n .getLogger(\"\")\n .addHandler(testHandler)\n Logger\n .getLogger(\"okhttp3\")\n .addHandler(testHandler)\n Logger\n .getLogger(Http2::class.java.name)\n .addHandler(testHandler)\n Logger\n .getLogger(TaskRunner::class.java.name)\n .addHandler(testHandler)\n Logger\n .getLogger(OkHttpClient::class.java.name)\n .addHandler(testHandler)\n\n server.enqueue(MockResponse(body = \"abc\"))\n\n val request =\n Request\n .Builder()\n .url(server.url(\"/\"))\n .build()\n\n val response =\n client\n .newCall(request)\n .execute()\n\n response.use {\n assertEquals(200, response.code)\n assertEquals(Protocol.HTTP_2, response.protocol)\n }\n\n // Only logs to the test logger above\n // Will fail if \"adb shell setprop log.tag.okhttp.Http2 DEBUG\" is called\n assertEquals(setOf(OkHttpTest::class.java.name), testHandler.calls.keys)\n }\n\n fun testCachedRequest() {\n enableTls()\n\n server.enqueue(MockResponse(body = \"abc\", headers = Headers.headersOf(\"cache-control\", \"public, max-age=3\")))\n server.enqueue(MockResponse(body = \"abc\"))\n\n val ctxt = InstrumentationRegistry.getInstrumentation().targetContext.applicationContext\n\n val cacheSize = 1L * 1024 * 1024 // 1MB\n val cache = Cache(ctxt.cacheDir.resolve(\"testCache\"), cacheSize)\n\n try {\n client =\n client\n .newBuilder()\n .cache(cache)\n .build()\n\n val request =\n Request\n .Builder()\n .url(server.url(\"/\"))\n .build()\n\n client\n .newCall(request)\n .execute()\n .use {\n assertEquals(200, it.code)\n assertNull(it.cacheResponse)\n assertNotNull(it.networkResponse)\n\n assertEquals(3, it.cacheControl.maxAgeSeconds)\n assertTrue(it.cacheControl.isPublic)\n }\n\n client\n .newCall(request)\n .execute()\n .use {\n assertEquals(200, it.code)\n assertNotNull(it.cacheResponse)\n assertNull(it.networkResponse)\n }\n\n assertEquals(1, cache.hitCount())\n assertEquals(1, cache.networkCount())\n assertEquals(2, cache.requestCount())\n } finally {\n cache.delete()\n }\n }\n\n private fun OkHttpClient.get(url: String) {\n val request = Request.Builder().url(url).build()\n val response = this.newCall(request).execute()\n\n response.use {\n assertEquals(200, response.code)\n }\n }\n\n fun buildCloudflareIp(bootstrapClient: OkHttpClient): DnsOverHttps =\n DnsOverHttps\n .Builder()\n .client(bootstrapClient)\n .url(\"https://1.1.1.1/dns-query\".toHttpUrl())\n .build()\n\n private fun enableTls() {\n client =\n client\n .newBuilder()\n .sslSocketFactory(\n handshakeCertificates.sslSocketFactory(),\n handshakeCertificates.trustManager,\n ).build()\n server.useHttps(handshakeCertificates.sslSocketFactory())\n }\n\n private fun assumeNetwork() {\n try {\n InetAddress.getByName(\"www.google.com\")\n } catch (uhe: UnknownHostException) {\n throw TestAbortedException(uhe.message, uhe)\n }\n }\n\n fun OkHttpClient.close() {\n dispatcher.executorService.shutdown()\n connectionPool.evictAll()\n }\n}\n"
},
{
"path": "android-test/src/androidDeviceTest/java/okhttp/android/test/SingleAndroidTest.kt",
"content": "/*\n * Copyright (C) 2025 Block, Inc.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage okhttp.android.test\n\nimport java.util.concurrent.TimeUnit\nimport kotlin.test.assertEquals\nimport mockwebserver3.MockResponse\nimport mockwebserver3.MockWebServer\nimport okhttp3.ConnectionPool\nimport okhttp3.OkHttpClient\nimport okhttp3.Request\nimport okhttp3.tls.internal.TlsUtil.localhost\nimport org.junit.jupiter.api.Test\n\n/**\n * This single Junit 4 test is our Android test suite on API 21-25.\n */\nclass SingleAndroidTest {\n private val handshakeCertificates = localhost()\n\n private var client: OkHttpClient =\n OkHttpClient\n .Builder()\n .sslSocketFactory(\n handshakeCertificates.sslSocketFactory(),\n handshakeCertificates.trustManager,\n ).connectionPool(ConnectionPool(0, 1, TimeUnit.SECONDS))\n .build()\n\n private val server =\n MockWebServer()\n\n @Test\n fun testHttpsRequest() {\n server.useHttps(handshakeCertificates.sslSocketFactory())\n\n server.enqueue(MockResponse())\n server.start()\n\n val request = Request.Builder().url(server.url(\"/\")).build()\n\n val response = client.newCall(request).execute()\n\n response.use {\n assertEquals(200, response.code)\n }\n\n while (client.connectionPool.connectionCount() > 0) {\n Thread.sleep(1000)\n }\n }\n\n @Test\n fun testHttpRequest() {\n server.enqueue(MockResponse())\n server.start()\n\n val request = Request.Builder().url(server.url(\"/\")).build()\n\n val response = client.newCall(request).execute()\n\n response.use {\n assertEquals(200, response.code)\n }\n\n while (client.connectionPool.connectionCount() > 0) {\n Thread.sleep(1000)\n }\n }\n}\n"
},
{
"path": "android-test/src/androidDeviceTest/java/okhttp/android/test/StrictModeTest.kt",
"content": "/*\n * Copyright (C) 2025 Block, Inc.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage okhttp.android.test\n\nimport android.os.StrictMode\nimport android.os.StrictMode.ThreadPolicy\nimport android.os.strictmode.Violation\nimport androidx.test.filters.SdkSuppress\nimport assertk.assertThat\nimport assertk.assertions.hasSize\nimport assertk.assertions.isEmpty\nimport assertk.assertions.isEqualTo\nimport okhttp3.HttpUrl.Companion.toHttpUrl\nimport okhttp3.OkHttpClient\nimport okhttp3.Request\nimport okhttp3.internal.platform.Platform\nimport org.junit.jupiter.api.AfterEach\nimport org.junit.jupiter.api.Test\nimport org.junit.jupiter.api.parallel.Isolated\n\n@Isolated\n@SdkSuppress(minSdkVersion = 28)\nclass StrictModeTest {\n private val violations = mutableListOf()\n\n @AfterEach\n fun cleanup() {\n StrictMode.setThreadPolicy(\n ThreadPolicy\n .Builder()\n .permitAll()\n .build(),\n )\n }\n\n @Test\n fun testInit() {\n Platform.resetForTests()\n\n applyStrictMode()\n\n // Not currently safe\n // See https://github.com/square/okhttp/pull/8248\n OkHttpClient()\n\n assertThat(violations).hasSize(1)\n assertThat(violations[0].message).isEqualTo(\"newSSLContext\")\n }\n\n @Test\n fun testNewCall() {\n Platform.resetForTests()\n\n val client = OkHttpClient()\n\n applyStrictMode()\n\n // Safe on main\n client.newCall(Request(\"https://google.com/robots.txt\".toHttpUrl()))\n\n assertThat(violations).isEmpty()\n }\n\n private fun applyStrictMode() {\n StrictMode.setThreadPolicy(\n ThreadPolicy\n .Builder()\n .detectCustomSlowCalls()\n .penaltyListener({ it.run() }) {\n violations.add(it)\n }.build(),\n )\n }\n}\n"
},
{
"path": "android-test/src/androidDeviceTest/java/okhttp/android/test/alpn/AlpnOverrideTest.kt",
"content": "/*\n * Copyright (C) 2020 Square, Inc.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage okhttp.android.test.alpn\n\nimport android.os.Build\nimport android.util.Log\nimport assertk.assertThat\nimport assertk.assertions.isEqualTo\nimport javax.net.ssl.SSLSocket\nimport javax.net.ssl.SSLSocketFactory\nimport okhttp3.Call\nimport okhttp3.Connection\nimport okhttp3.ConnectionSpec\nimport okhttp3.DelegatingSSLSocketFactory\nimport okhttp3.EventListener\nimport okhttp3.OkHttpClient\nimport okhttp3.Request\nimport org.junit.jupiter.api.Tag\nimport org.junit.jupiter.api.Test\n\n/**\n * Tests for ALPN overriding on Android.\n */\n@Tag(\"Remote\")\nclass AlpnOverrideTest {\n class CustomSSLSocketFactory(\n delegate: SSLSocketFactory,\n ) : DelegatingSSLSocketFactory(delegate) {\n override fun configureSocket(sslSocket: SSLSocket): SSLSocket {\n if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) {\n val parameters = sslSocket.sslParameters\n Log.d(\"CustomSSLSocketFactory\", \"old applicationProtocols: $parameters.applicationProtocols\")\n parameters.applicationProtocols = arrayOf(\"x-amzn-http-ca\")\n sslSocket.sslParameters = parameters\n }\n\n return sslSocket\n }\n }\n\n var client = OkHttpClient()\n\n @Test\n fun getWithCustomSocketFactory() {\n client =\n client\n .newBuilder()\n .sslSocketFactory(CustomSSLSocketFactory(client.sslSocketFactory), client.x509TrustManager!!)\n .connectionSpecs(\n listOf(\n ConnectionSpec\n .Builder(ConnectionSpec.MODERN_TLS)\n .supportsTlsExtensions(false)\n .build(),\n ),\n ).eventListener(\n object : EventListener() {\n override fun connectionAcquired(\n call: Call,\n connection: Connection,\n ) {\n val sslSocket = connection.socket() as SSLSocket\n println(\"Requested \" + sslSocket.sslParameters.applicationProtocols.joinToString())\n println(\"Negotiated \" + sslSocket.applicationProtocol)\n }\n },\n ).build()\n\n val request =\n Request\n .Builder()\n .url(\"https://www.google.com\")\n .build()\n client.newCall(request).execute().use { response ->\n assertThat(response.code).isEqualTo(200)\n }\n }\n}\n"
},
{
"path": "android-test/src/androidDeviceTest/java/okhttp/android/test/letsencrypt/LetsEncryptClientTest.kt",
"content": "/*\n * Copyright (C) 2020 Square, Inc.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage okhttp.android.test.letsencrypt\n\nimport android.os.Build\nimport assertk.assertThat\nimport assertk.assertions.isEqualTo\nimport java.security.cert.X509Certificate\nimport okhttp3.OkHttpClient\nimport okhttp3.Protocol\nimport okhttp3.Request\nimport okhttp3.tls.HandshakeCertificates\nimport okhttp3.tls.decodeCertificatePem\nimport org.junit.jupiter.api.Tag\nimport org.junit.jupiter.api.Test\n\n/**\n * Test for new Let's Encrypt Root Certificate.\n */\n@Tag(\"Remote\")\nclass LetsEncryptClientTest {\n @Test fun get() {\n // These tests wont actually run before Android 8.0 as per\n // https://github.com/mannodermaus/android-junit5\n // Raised https://github.com/mannodermaus/android-junit5/issues/228 to reevaluate\n val androidMorEarlier = Build.VERSION.SDK_INT <= 23\n\n val clientBuilder = OkHttpClient.Builder()\n\n if (androidMorEarlier) {\n val cert: X509Certificate =\n \"\"\"\n -----BEGIN CERTIFICATE-----\n MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw\n TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\n cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4\n WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu\n ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY\n MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc\n h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+\n 0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U\n A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW\n T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH\n B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC\n B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv\n KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn\n OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn\n jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw\n qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI\n rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV\n HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq\n hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL\n ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ\n 3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK\n NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5\n ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur\n TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC\n jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc\n oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq\n 4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA\n mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d\n emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=\n -----END CERTIFICATE-----\n \"\"\".trimIndent().decodeCertificatePem()\n\n val handshakeCertificates =\n HandshakeCertificates\n .Builder()\n // TODO reenable in official answers\n// .addPlatformTrustedCertificates()\n .addTrustedCertificate(cert)\n .build()\n\n clientBuilder\n .sslSocketFactory(\n handshakeCertificates.sslSocketFactory(),\n handshakeCertificates.trustManager,\n )\n }\n\n val client = clientBuilder.build()\n\n val request =\n Request\n .Builder()\n .url(\"https://valid-isrgrootx1.letsencrypt.org/robots.txt\")\n .build()\n client.newCall(request).execute().use { response ->\n assertThat(response.code).isEqualTo(404)\n assertThat(response.protocol).isEqualTo(Protocol.HTTP_2)\n }\n }\n}\n"
},
{
"path": "android-test/src/androidDeviceTest/java/okhttp/android/test/sni/SniOverrideTest.kt",
"content": "/*\n * Copyright (C) 2020 Square, Inc.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage okhttp.android.test.sni\n\nimport android.os.Build\nimport android.util.Log\nimport assertk.assertThat\nimport assertk.assertions.contains\nimport assertk.assertions.isEqualTo\nimport java.security.cert.X509Certificate\nimport javax.net.ssl.SNIHostName\nimport javax.net.ssl.SNIServerName\nimport javax.net.ssl.SSLSocket\nimport javax.net.ssl.SSLSocketFactory\nimport okhttp3.DelegatingSSLSocketFactory\nimport okhttp3.Dns\nimport okhttp3.OkHttpClient\nimport okhttp3.Protocol\nimport okhttp3.Request\nimport org.junit.jupiter.api.Assumptions.assumeTrue\nimport org.junit.jupiter.api.Tag\nimport org.junit.jupiter.api.Test\n\n/**\n * Tests for SNI overriding on Android.\n */\n@Tag(\"Remote\")\nclass SniOverrideTest {\n var client =\n OkHttpClient\n .Builder()\n .build()\n\n @Test\n fun getWithCustomSocketFactory() {\n assumeTrue(Build.VERSION.SDK_INT >= 24)\n\n class CustomSSLSocketFactory(\n delegate: SSLSocketFactory,\n ) : DelegatingSSLSocketFactory(delegate) {\n override fun configureSocket(sslSocket: SSLSocket): SSLSocket {\n if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) {\n val parameters = sslSocket.sslParameters\n val sni = parameters.serverNames\n Log.d(\"CustomSSLSocketFactory\", \"old SNI: $sni\")\n parameters.serverNames = mutableListOf(SNIHostName(\"cloudflare-dns.com\"))\n sslSocket.sslParameters = parameters\n }\n\n return sslSocket\n }\n }\n\n client =\n client\n .newBuilder()\n .sslSocketFactory(CustomSSLSocketFactory(client.sslSocketFactory), client.x509TrustManager!!)\n .hostnameVerifier { hostname, session ->\n val s = \"hostname: $hostname peerHost:${session.peerHost}\"\n Log.d(\"SniOverrideTest\", s)\n try {\n val cert = session.peerCertificates[0] as X509Certificate\n for (name in cert.subjectAlternativeNames) {\n if (name[0] as Int == 2) {\n Log.d(\"SniOverrideTest\", \"cert: \" + name[1])\n }\n }\n true\n } catch (e: Exception) {\n false\n }\n }.build()\n\n val request =\n Request\n .Builder()\n .url(\"https://sni.cloudflaressl.com/cdn-cgi/trace\")\n .header(\"Host\", \"cloudflare-dns.com\")\n .build()\n client.newCall(request).execute().use { response ->\n assertThat(response.code).isEqualTo(200)\n assertThat(response.protocol).isEqualTo(Protocol.HTTP_2)\n\n assertThat(response.body.string()).contains(\"h=cloudflare-dns.com\")\n }\n }\n\n @Test\n fun getWithDns() {\n client =\n client\n .newBuilder()\n .dns {\n Dns.SYSTEM.lookup(\"sni.cloudflaressl.com\")\n }.build()\n\n val request =\n Request\n .Builder()\n .url(\"https://cloudflare-dns.com/cdn-cgi/trace\")\n .build()\n client.newCall(request).execute().use { response ->\n assertThat(response.code).isEqualTo(200)\n assertThat(response.protocol).isEqualTo(Protocol.HTTP_2)\n assertThat(response.body.string()).contains(\"h=cloudflare-dns.com\")\n }\n }\n}\n"
},
{
"path": "android-test/src/main/AndroidManifest.xml",
"content": "\n\n \n \n\n \n\n\n"
},
{
"path": "android-test/src/main/res/values/strings.xml",
"content": "\n android-test\n\n"
},
{
"path": "android-test/src/main/res/xml/network_security_config.xml",
"content": "\n\n \n \n"
},
{
"path": "android-test/src/test/kotlin/okhttp/android/test/AndroidLoggingTest.kt",
"content": "/*\n * Copyright (c) 2022 Square, Inc.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n *\n */\npackage okhttp.android.test\n\nimport android.util.Log\nimport assertk.assertThat\nimport assertk.assertions.containsExactly\nimport assertk.assertions.containsOnly\nimport assertk.assertions.isNull\nimport java.net.UnknownHostException\nimport okhttp3.ConnectionSpec\nimport okhttp3.HttpUrl.Companion.toHttpUrl\nimport okhttp3.OkHttpClient\nimport okhttp3.Request\nimport okhttp3.internal.platform.AndroidPlatform\nimport okhttp3.logging.HttpLoggingInterceptor\nimport okhttp3.logging.LoggingEventListener\nimport org.junit.Test\nimport org.junit.runner.RunWith\nimport org.robolectric.RobolectricTestRunner\nimport org.robolectric.shadows.ShadowLog\n\n@RunWith(RobolectricTestRunner::class)\nclass AndroidLoggingTest {\n val clientBuilder =\n OkHttpClient.Builder().connectionSpecs(listOf(ConnectionSpec.CLEARTEXT)).dns {\n throw UnknownHostException(\"shortcircuit\")\n }\n\n val request = Request(\"http://google.com/robots.txt\".toHttpUrl())\n\n @Test\n fun testHttpLoggingInterceptor() {\n val interceptor =\n HttpLoggingInterceptor().apply {\n level = HttpLoggingInterceptor.Level.BASIC\n }\n\n val client = clientBuilder.addInterceptor(interceptor).build()\n\n try {\n client.newCall(request).execute()\n } catch (uhe: UnknownHostException) {\n // expected\n }\n\n val logs = ShadowLog.getLogsForTag(AndroidPlatform.Tag)\n assertThat(logs.map { it.type }).containsOnly(Log.INFO)\n assertThat(\n logs.map {\n it.msg.replace(\n \"\\\\d+\".toRegex(),\n \"\",\n )\n },\n ).containsExactly(\n \"--> GET http://google.com/robots.txt\",\n \"<-- HTTP FAILED: java.net.UnknownHostException: shortcircuit. ${request.url} (ms)\",\n )\n // We should consider if these logs should retain Exceptions\n assertThat(logs.last().throwable).isNull()\n }\n\n @Test\n fun testLoggingEventListener() {\n val client = clientBuilder.eventListenerFactory(LoggingEventListener.Factory()).build()\n\n try {\n client.newCall(request).execute()\n } catch (uhe: UnknownHostException) {\n // expected\n }\n\n val logs = ShadowLog.getLogsForTag(AndroidPlatform.Tag)\n assertThat(logs.map { it.type }).containsOnly(Log.INFO)\n assertThat(\n logs.map {\n it.msg.replace(\n \"\\\\[\\\\d+ ms] \".toRegex(),\n \"\",\n )\n },\n ).containsExactly(\n \"callStart: Request{method=GET, url=http://google.com/robots.txt}\",\n \"proxySelectStart: http://google.com/\",\n \"proxySelectEnd: [DIRECT]\",\n \"dnsStart: google.com\",\n \"callFailed: java.net.UnknownHostException: shortcircuit\",\n )\n // We should consider if these logs should retain Exceptions\n assertThat(logs.last().throwable).isNull()\n }\n}\n"
},
{
"path": "android-test/src/test/kotlin/okhttp/android/test/AndroidSocketAdapterTest.kt",
"content": "/*\n * Copyright (C) 2019 Square, Inc.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage okhttp.android.test\n\nimport java.security.Provider\nimport javax.net.ssl.SSLContext\nimport javax.net.ssl.SSLSocket\nimport okhttp3.DelegatingSSLSocket\nimport okhttp3.DelegatingSSLSocketFactory\nimport okhttp3.Protocol.HTTP_1_1\nimport okhttp3.Protocol.HTTP_2\nimport okhttp3.internal.platform.android.AndroidSocketAdapter\nimport okhttp3.internal.platform.android.ConscryptSocketAdapter\nimport okhttp3.internal.platform.android.DeferredSocketAdapter\nimport okhttp3.internal.platform.android.SocketAdapter\nimport okhttp3.internal.platform.android.StandardAndroidSocketAdapter\nimport org.conscrypt.Conscrypt\nimport org.junit.Assert.assertFalse\nimport org.junit.Assert.assertNotNull\nimport org.junit.Assert.assertNull\nimport org.junit.Assert.assertTrue\nimport org.junit.Assume.assumeFalse\nimport org.junit.Assume.assumeTrue\nimport org.junit.Test\nimport org.junit.runner.RunWith\nimport org.robolectric.ParameterizedRobolectricTestRunner\nimport org.robolectric.ParameterizedRobolectricTestRunner.Parameters\n\n@RunWith(ParameterizedRobolectricTestRunner::class)\nclass AndroidSocketAdapterTest(\n val adapter: SocketAdapter,\n) {\n val context: SSLContext by lazy {\n val provider: Provider = Conscrypt.newProviderBuilder().provideTrustManager(true).build()\n\n SSLContext.getInstance(\"TLS\", provider).apply {\n init(null, null, null)\n }\n }\n\n @Test\n fun testMatchesSupportedSocket() {\n val socketFactory = context.socketFactory\n\n val sslSocket = socketFactory.createSocket() as SSLSocket\n assertTrue(adapter.matchesSocket(sslSocket))\n\n adapter.configureTlsExtensions(sslSocket, null, listOf(HTTP_2, HTTP_1_1))\n // not connected\n assertNull(adapter.getSelectedProtocol(sslSocket))\n }\n\n @Test\n fun testMatchesSupportedAndroidSocketFactory() {\n assumeTrue(adapter is StandardAndroidSocketAdapter)\n\n assertTrue(adapter.matchesSocketFactory(context.socketFactory))\n assertNotNull(adapter.trustManager(context.socketFactory))\n }\n\n @Test\n fun testDoesntMatchSupportedCustomSocketFactory() {\n assumeFalse(adapter is StandardAndroidSocketAdapter)\n\n assertFalse(adapter.matchesSocketFactory(context.socketFactory))\n assertNull(adapter.trustManager(context.socketFactory))\n }\n\n @Test\n fun testCustomSocket() {\n val socketFactory = DelegatingSSLSocketFactory(context.socketFactory)\n\n assertFalse(adapter.matchesSocketFactory(socketFactory))\n\n val sslSocket =\n object : DelegatingSSLSocket(context.socketFactory.createSocket() as SSLSocket) {}\n assertFalse(adapter.matchesSocket(sslSocket))\n\n adapter.configureTlsExtensions(sslSocket, null, listOf(HTTP_2, HTTP_1_1))\n // not connected\n assertNull(adapter.getSelectedProtocol(sslSocket))\n }\n\n companion object {\n @JvmStatic\n @Parameters(name = \"{0}\")\n fun data(): Collection =\n listOfNotNull(\n DeferredSocketAdapter(ConscryptSocketAdapter.factory),\n DeferredSocketAdapter(AndroidSocketAdapter.factory(\"org.conscrypt\")),\n StandardAndroidSocketAdapter.buildIfSupported(\"org.conscrypt\"),\n )\n }\n}\n"
},
{
"path": "android-test/src/test/kotlin/okhttp/android/test/BaseOkHttpClientUnitTest.kt",
"content": "/*\n * Copyright (c) 2025 Block, Inc.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n *\n */\npackage okhttp.android.test\n\nimport assertk.assertThat\nimport assertk.assertions.isEqualTo\nimport assertk.assertions.isNotNull\nimport assertk.assertions.isNull\nimport java.net.InetAddress\nimport java.net.UnknownHostException\nimport okhttp3.Cache\nimport okhttp3.HttpUrl.Companion.toHttpUrl\nimport okhttp3.OkHttpClient\nimport okhttp3.Request\nimport okio.Path.Companion.toPath\nimport okio.fakefilesystem.FakeFileSystem\nimport org.junit.AssumptionViolatedException\nimport org.junit.Before\nimport org.junit.Test\n\nabstract class BaseOkHttpClientUnitTest {\n private lateinit var client: OkHttpClient\n\n @Before\n fun setUp() {\n client =\n OkHttpClient\n .Builder()\n .cache(Cache(FakeFileSystem(), \"/cache\".toPath(), 10_000_000))\n .build()\n }\n\n @Test\n fun testRequestExternal() {\n assumeNetwork()\n\n val request = Request(\"https://www.google.com/robots.txt\".toHttpUrl())\n\n val networkRequest =\n request\n .newBuilder()\n .build()\n\n val call = client.newCall(networkRequest)\n\n call.execute().use { response ->\n assertThat(response.code).isEqualTo(200)\n assertThat(response.cacheResponse).isNull()\n }\n\n val cachedCall = client.newCall(request)\n\n cachedCall.execute().use { response ->\n assertThat(response.code).isEqualTo(200)\n assertThat(response.cacheResponse).isNotNull()\n }\n }\n\n @Test\n open fun testPublicSuffixDb() {\n val httpUrl = \"https://www.google.co.uk\".toHttpUrl()\n assertThat(httpUrl.topPrivateDomain()).isEqualTo(\"google.co.uk\")\n }\n\n private fun assumeNetwork() {\n try {\n InetAddress.getByName(\"www.google.com\")\n } catch (uhe: UnknownHostException) {\n throw AssumptionViolatedException(uhe.message, uhe)\n }\n }\n}\n"
},
{
"path": "android-test/src/test/kotlin/okhttp/android/test/DisabledInitialiserTest.kt",
"content": "/*\n * Copyright (c) 2025 Block, Inc.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n *\n */\npackage okhttp.android.test\n\nimport assertk.all\nimport assertk.assertFailure\nimport assertk.assertions.cause\nimport assertk.assertions.hasClass\nimport assertk.assertions.hasMessage\nimport assertk.assertions.isNotNull\nimport java.io.IOException\nimport okhttp3.HttpUrl.Companion.toHttpUrl\nimport okhttp3.internal.platform.Platform\nimport okhttp3.internal.platform.PlatformRegistry\nimport org.junit.AfterClass\nimport org.junit.Before\nimport org.junit.Test\nimport org.junit.runner.RunWith\nimport org.robolectric.RobolectricTestRunner\nimport org.robolectric.annotation.Config\n\n@RunWith(RobolectricTestRunner::class)\n@Config(\n sdk = [23, 26, 30, 33, 35],\n)\nclass DisabledInitialiserTest {\n @Before\n fun setContext() {\n // Ensure we aren't succeeding because of another test\n Platform.resetForTests()\n PlatformRegistry.applicationContext = null\n }\n\n @Test\n fun testWithoutContext() {\n val httpUrl = \"https://www.google.co.uk\".toHttpUrl()\n assertFailure { httpUrl.topPrivateDomain() }.all {\n hasMessage(\"Unable to load PublicSuffixDatabase.list resource.\")\n cause().isNotNull().all {\n hasMessage(\n \"Platform applicationContext not initialized. \" +\n \"Startup Initializer possibly disabled, \" +\n \"call OkHttp.initialize before test.\",\n )\n hasClass()\n }\n }\n }\n\n companion object {\n @AfterClass\n @JvmStatic\n fun resetContext() {\n // Ensure we don't make other tests fail\n Platform.resetForTests()\n }\n }\n}\n"
},
{
"path": "android-test/src/test/kotlin/okhttp/android/test/NonRobolectricOkHttpClientTest.kt",
"content": "/*\n * Copyright (c) 2025 Block, Inc.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n *\n */\npackage okhttp.android.test\n\nimport assertk.all\nimport assertk.assertFailure\nimport assertk.assertions.cause\nimport assertk.assertions.hasClass\nimport assertk.assertions.hasMessage\nimport assertk.assertions.isNotNull\nimport java.io.IOException\nimport org.junit.Test\nimport org.junit.runner.RunWith\nimport org.junit.runners.JUnit4\n\n/**\n * Android test running with only stubs.\n */\n@RunWith(JUnit4::class)\nclass NonRobolectricOkHttpClientTest : BaseOkHttpClientUnitTest() {\n @Test\n override fun testPublicSuffixDb() {\n assertFailure { super.testPublicSuffixDb() }.all {\n hasMessage(\"Unable to load PublicSuffixDatabase.list resource.\")\n cause().isNotNull().all {\n hasMessage(\n \"Platform applicationContext not initialized. \" +\n \"Possibly running Android unit test without Robolectric. \" +\n \"Android tests should run with Robolectric \" +\n \"and call OkHttp.initialize before test\",\n )\n hasClass()\n }\n }\n }\n}\n"
},
{
"path": "android-test/src/test/kotlin/okhttp/android/test/RobolectricOkHttpClientTest.kt",
"content": "/*\n * Copyright (c) 2025 Block, Inc.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n *\n */\npackage okhttp.android.test\n\nimport androidx.test.core.app.ApplicationProvider\nimport okhttp3.OkHttp\nimport org.junit.Before\nimport org.junit.runner.RunWith\nimport org.robolectric.RobolectricTestRunner\nimport org.robolectric.annotation.Config\n\n@RunWith(RobolectricTestRunner::class)\n@Config(\n sdk = [23, 26, 30, 33, 35],\n)\nclass RobolectricOkHttpClientTest : BaseOkHttpClientUnitTest() {\n @Before\n fun setContext() {\n // This is awkward because Robolectric won't run our initializers and we don't want test deps\n // https://github.com/robolectric/robolectric/issues/8461\n OkHttp.initialize(ApplicationProvider.getApplicationContext())\n }\n}\n"
},
{
"path": "android-test/src/test/kotlin/okhttp/android/test/ShadowDnsResolver.kt",
"content": "/*\n * Copyright (C) 2024 Block, Inc.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage okhttp.android.test\n\nimport android.net.DnsResolver\nimport android.net.Network\nimport android.os.CancellationSignal\nimport java.net.InetAddress\nimport java.util.concurrent.Executor\nimport org.robolectric.annotation.Implementation\nimport org.robolectric.annotation.Implements\nimport org.robolectric.shadow.api.Shadow\n\n@Implements(DnsResolver::class)\nclass ShadowDnsResolver {\n var responder: (Request) -> Unit = {\n it.callback.onAnswer(listOf(), 0)\n }\n\n data class Request(\n val network: Network?,\n val domain: String,\n val nsType: Int,\n val flags: Int,\n val callback: DnsResolver.Callback>,\n )\n\n @Implementation\n fun query(\n network: Network?,\n domain: String,\n nsType: Int,\n flags: Int,\n executor: Executor,\n cancellationSignal: CancellationSignal?,\n callback: DnsResolver.Callback>,\n ) {\n responder(Request(network, domain, nsType, flags, callback))\n }\n\n companion object {\n @Implementation\n @JvmStatic\n fun getInstance(): DnsResolver = Shadow.newInstance(DnsResolver::class.java, arrayOf(), arrayOf())\n }\n}\n"
},
{
"path": "android-test-app/build.gradle.kts",
"content": "@file:Suppress(\"UnstableApiUsage\")\n\nimport okhttp3.buildsupport.testJavaVersion\n\n\nplugins {\n id(\"okhttp.base-conventions\")\n id(\"com.android.application\")\n}\n\nandroid {\n compileSdk = 36\n\n namespace = \"okhttp.android.testapp\"\n\n // Release APKs can't be tested currently with AGP\n testBuildType = \"debug\"\n\n defaultConfig {\n minSdk = 21\n targetSdk = 36\n testInstrumentationRunner = \"androidx.test.runner.AndroidJUnitRunner\"\n }\n\n compileOptions {\n targetCompatibility(JavaVersion.VERSION_11)\n sourceCompatibility(JavaVersion.VERSION_11)\n }\n\n\n buildTypes {\n release {\n isShrinkResources = true\n isMinifyEnabled = true\n signingConfig = signingConfigs.getByName(\"debug\")\n setProguardFiles(listOf(getDefaultProguardFile(\"proguard-android-optimize.txt\"), \"proguard-rules.pro\"))\n testProguardFiles(\"test-proguard-rules.pro\")\n }\n }\n\n lint {\n abortOnError = true\n }\n}\n\ndependencies {\n implementation(libs.playservices.safetynet)\n implementation(projects.okhttp)\n implementation(libs.androidx.activity)\n\n androidTestImplementation(libs.androidx.junit)\n androidTestImplementation(libs.androidx.espresso.core)\n androidTestImplementation(libs.androidx.test.runner)\n androidTestImplementation(libs.assertk)\n}\n"
},
{
"path": "android-test-app/proguard-rules.pro",
"content": "# no rules should be needed\n\n-whyareyoukeeping class okhttp3.internal.idn.IdnaMappingTable {\n *;\n}\n"
},
{
"path": "android-test-app/src/androidTest/kotlin/okhttp/android/testapp/IdnaTest.kt",
"content": "/*\n * Copyright (c) 2025 Block, Inc.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage okhttp3.android\n\nimport okhttp3.HttpUrl.Companion.toHttpUrl\nimport org.junit.Assert.assertEquals\nimport org.junit.Test\n\nclass IdnaTest {\n @Test\n fun testHostnameFunction() {\n assertEquals(\"xn--n3h.net\", \"https://☃.net/robots.txt\".toHttpUrl().host)\n }\n}\n"
},
{
"path": "android-test-app/src/androidTest/kotlin/okhttp/android/testapp/PublicSuffixDatabaseTest.kt",
"content": "/*\n * Copyright (C) 2023 Block, Inc.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage okhttp3.android\n\nimport assertk.assertThat\nimport assertk.assertions.isEqualTo\nimport okhttp3.HttpUrl.Companion.toHttpUrl\nimport org.junit.Test\n\n/**\n * Run with \"./gradlew :android-test-app:connectedCheck -PandroidBuild=true\" and make sure ANDROID_SDK_ROOT is set.\n */\nclass PublicSuffixDatabaseTest {\n @Test\n fun testTopLevelDomain() {\n assertThat(\"https://www.google.com/robots.txt\".toHttpUrl().topPrivateDomain()).isEqualTo(\"google.com\")\n }\n}\n"
},
{
"path": "android-test-app/src/main/AndroidManifest.xml",
"content": "\n\n \n\n \n \n \n \n\n \n \n \n\n \n \n \n\n \n \n \n \n\n\n"
},
{
"path": "android-test-app/src/main/kotlin/okhttp/android/testapp/MainActivity.kt",
"content": "/*\n * Copyright (C) 2023 Block, Inc.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage okhttp.android.testapp\n\nimport android.os.Bundle\nimport androidx.activity.ComponentActivity\nimport okhttp3.Call\nimport okhttp3.Callback\nimport okhttp3.HttpUrl.Companion.toHttpUrl\nimport okhttp3.OkHttpClient\nimport okhttp3.Request\nimport okhttp3.Response\nimport okhttp3.internal.platform.AndroidPlatform\nimport okio.IOException\n\nopen class MainActivity : ComponentActivity() {\n override fun onCreate(savedInstanceState: Bundle?) {\n super.onCreate(savedInstanceState)\n\n val client = OkHttpClient()\n\n // Ensure we are compiling against the right variant\n println(AndroidPlatform.isSupported)\n\n val url = \"https://github.com/square/okhttp\".toHttpUrl()\n println(url.topPrivateDomain())\n\n client.newCall(Request(url)).enqueue(\n object : Callback {\n override fun onFailure(\n call: Call,\n e: IOException,\n ) {\n println(\"failed: $e\")\n }\n\n override fun onResponse(\n call: Call,\n response: Response,\n ) {\n println(\"response: ${response.code}\")\n response.close()\n }\n },\n )\n }\n}\n"
},
{
"path": "android-test-app/src/main/kotlin/okhttp/android/testapp/MainActivity2.kt",
"content": "/*\n * Copyright (C) 2025 Block, Inc.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage okhttp.android.testapp\n\nclass MainActivity2 : MainActivity()\n"
},
{
"path": "android-test-app/src/main/kotlin/okhttp/android/testapp/TestApplication.kt",
"content": "/*\n * Copyright (C) 2023 Block, Inc.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage okhttp.android.testapp\n\nimport android.annotation.SuppressLint\nimport android.app.Application\nimport android.os.Build\nimport okhttp3.OkHttp\n\nclass TestApplication : Application() {\n override fun onCreate() {\n super.onCreate()\n\n if (isSecondaryProcess()) {\n OkHttp.initialize(applicationContext)\n }\n }\n\n private fun isSecondaryProcess(): Boolean = getProcess() != packageName\n\n @SuppressLint(\"DiscouragedPrivateApi\")\n private fun getProcess(): String? =\n if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {\n getProcessName()\n } else {\n Class\n .forName(\"android.app.ActivityThread\")\n .getDeclaredMethod(\"currentProcessName\")\n .apply { isAccessible = true }\n .invoke(null) as String\n }\n}\n"
},
{
"path": "android-test-app/src/main/res/values/strings.xml",
"content": "\n android-test\n\n"
},
{
"path": "android-test-app/src/main/res/xml/network_security_config.xml",
"content": "\n\n \n \n\n"
},
{
"path": "android-test-app/test-proguard-rules.pro",
"content": "-dontwarn **\n"
},
{
"path": "build-logic/build.gradle.kts",
"content": "plugins {\n `kotlin-dsl`\n id(\"com.diffplug.spotless\") version \"8.4.0\"\n}\n\nconfigure {\n kotlin {\n target(\"src/**/*.kt\")\n ktlint()\n }\n kotlinGradle {\n target(\"*.kts\")\n targetExclude(\"build/**/*.kts\")\n ktlint()\n }\n}\n\nrepositories {\n google()\n mavenCentral()\n gradlePluginPortal()\n}\n\ndependencies {\n implementation(libs.gradlePlugin.kotlin)\n implementation(libs.gradlePlugin.mavenPublish)\n implementation(libs.gradlePlugin.dokka)\n implementation(libs.gradlePlugin.binaryCompatibilityValidator)\n implementation(libs.gradlePlugin.android)\n implementation(libs.gradlePlugin.bnd)\n implementation(libs.aqute.bnd)\n implementation(libs.gradlePlugin.animalsniffer)\n implementation(libs.gradlePlugin.spotless)\n implementation(libs.gradlePlugin.shadow)\n implementation(libs.gradlePlugin.graalvm)\n implementation(libs.gradlePlugin.ksp)\n implementation(libs.gradlePlugin.mrjar)\n implementation(libs.gradlePlugin.tapmoc)\n implementation(libs.androidx.lint.gradle)\n implementation(libs.kotlin.gradle.plugin.api)\n}\n"
},
{
"path": "build-logic/settings.gradle.kts",
"content": "@file:Suppress(\"UnstableApiUsage\")\n\npluginManagement {\n repositories {\n mavenCentral()\n gradlePluginPortal()\n google()\n }\n}\nenableFeaturePreview(\"TYPESAFE_PROJECT_ACCESSORS\")\nrootProject.name = \"build-logic\"\n\ndependencyResolutionManagement {\n repositories {\n mavenCentral()\n gradlePluginPortal()\n google()\n }\n versionCatalogs {\n create(\"libs\") {\n from(files(\"../gradle/libs.versions.toml\"))\n }\n }\n}\n"
},
{
"path": "build-logic/src/main/kotlin/AlpnVersions.kt",
"content": "/*\n * Copyright (C) 2021 Square, Inc.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * https://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n// https://www.eclipse.org/jetty/documentation/current/alpn-chapter.html#alpn-versions\nprivate fun alpnBootVersionForPatchVersion(patchVersion: Int): String? =\n when (patchVersion) {\n in 0..24 -> \"8.1.0.v20141016\"\n in 25..30 -> \"8.1.2.v20141202\"\n in 31..50 -> \"8.1.3.v20150130\"\n in 51..59 -> \"8.1.4.v20150727\"\n in 60..64 -> \"8.1.5.v20150921\"\n in 65..70 -> \"8.1.6.v20151105\"\n in 71..77 -> \"8.1.7.v20160121\"\n in 78..101 -> \"8.1.8.v20160420\"\n in 102..111 -> \"8.1.9.v20160720\"\n in 112..120 -> \"8.1.10.v20161026\"\n in 121..160 -> \"8.1.11.v20170118\"\n in 161..181 -> \"8.1.12.v20180117\"\n in 191..242 -> \"8.1.13.v20181017\"\n else -> null\n }\n\n/**\n * Returns the alpn-boot version specific to this OpenJDK 8 JVM, or null if this is not a Java 8 VM.\n * https://github.com/xjdr/xio/blob/master/alpn-boot.gradle\n */\nfun alpnBootVersion(): String? {\n val version = System.getProperty(\"alpn.boot.version\")\n\n if (version != null) {\n return version\n }\n\n val javaVersion = System.getProperty(\"java.version\")\n val match = \"1\\\\.8\\\\.0_(\\\\d+)(-.*)?\".toRegex().find(javaVersion) ?: return null\n\n return alpnBootVersionForPatchVersion(match.groupValues.first().toInt())\n}\n"
},
{
"path": "build-logic/src/main/kotlin/BndBuildAction.kt",
"content": "/*\n * Copyright (c) aQute SARL (2000, 2021). All Rights Reserved.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport aQute.bnd.gradle.BundleTaskExtension\nimport aQute.bnd.osgi.Builder\nimport aQute.bnd.osgi.Constants\nimport aQute.bnd.osgi.Jar\nimport aQute.bnd.osgi.Processor\nimport aQute.bnd.version.MavenVersion\nimport aQute.lib.io.IO\nimport aQute.lib.utf8properties.UTF8Properties\nimport java.io.File\nimport java.util.Properties\nimport java.util.jar.Manifest\nimport java.util.zip.ZipFile\nimport org.gradle.api.Action\nimport org.gradle.api.GradleException\nimport org.gradle.api.Task\nimport org.gradle.api.file.ConfigurableFileCollection\nimport org.gradle.api.file.FileCollection\nimport org.gradle.api.file.ProjectLayout\nimport org.gradle.api.file.RegularFileProperty\nimport org.gradle.api.provider.MapProperty\nimport org.gradle.api.provider.Provider\nimport org.gradle.api.tasks.bundling.Jar as GradleJar\nimport org.gradle.api.tasks.bundling.ZipEntryCompression\n\n/**\n * A static BuildAction that does not capture the Task instance, enabling Configuration Cache\n * compatibility.\n *\n * This class is based on bundled code from the BND Gradle Plugin.\n * https://github.com/bndtools/bnd/blob/master/gradle-plugins/biz.aQute.bnd.gradle/src/main/java/aQute/bnd/gradle/BundleTaskExtension.java\n */\nclass BndBuildAction(\n private val properties: MapProperty,\n private val classpath: ConfigurableFileCollection,\n private val sourcepath: FileCollection,\n private val bundleSymbolicName: Provider,\n private val bundleVersion: Provider,\n private val bndfile: RegularFileProperty,\n private val bnd: Provider,\n private val layout: ProjectLayout,\n private val entryCompression: ZipEntryCompression,\n private val preserveFileTimestamps: Boolean,\n) : Action {\n constructor(\n extension: BundleTaskExtension,\n task: GradleJar,\n sourceSet: FileCollection,\n ) : this(\n extension.properties,\n extension.classpath,\n // Sourcepath default: all source\n sourceSet,\n // Symbolic name default logic\n task.archiveBaseName.zip(task.archiveClassifier) { baseName, classifier ->\n if (classifier.isNullOrEmpty()) baseName else \"$baseName-$classifier\"\n },\n task.archiveVersion.orElse(\"0\").map { version ->\n MavenVersion.parseMavenString(version).osGiVersion.toString()\n },\n extension.bndfile,\n extension.bnd,\n task.project.layout,\n task.entryCompression,\n task.isPreserveFileTimestamps,\n )\n\n override fun execute(task: Task) {\n task as GradleJar\n val temporaryDir = task.temporaryDir\n val projectDir = layout.projectDirectory.asFile\n\n val gradleProperties = Properties()\n properties.get().forEach { (k, v) ->\n if (v is Provider<*>) {\n val value = v.getOrNull()\n if (value != null) gradleProperties[k] = value\n } else {\n gradleProperties[k] = v\n }\n }\n\n // Set default values if not present\n if (!gradleProperties.containsKey(Constants.BUNDLE_SYMBOLICNAME)) {\n gradleProperties[Constants.BUNDLE_SYMBOLICNAME] = bundleSymbolicName.get()\n }\n if (!gradleProperties.containsKey(Constants.BUNDLE_VERSION)) {\n gradleProperties[Constants.BUNDLE_VERSION] = bundleVersion.get()\n }\n\n // Do not capture 'task' in gradleProperties to avoid serialization issues\n\n try {\n Builder(Processor(gradleProperties, false)).use { builder ->\n val temporaryBndFile = File.createTempFile(\"bnd\", \".bnd\", temporaryDir)\n IO.writer(temporaryBndFile).use { writer ->\n val bndFileVal = bndfile.asFile.getOrNull()\n if (bndFileVal != null && bndFileVal.isFile) {\n Processor(gradleProperties).let { p ->\n p.loadProperties(bndFileVal).store(writer, null)\n }\n } else {\n val bndVal = bnd.getOrElse(\"\")\n if (bndVal.isNotEmpty()) {\n val props = UTF8Properties()\n props.load(bndVal, File(projectDir, \"build.gradle.kts\"), builder)\n props.replaceHere(projectDir).store(writer, null)\n }\n }\n }\n builder.setProperties(temporaryBndFile, projectDir)\n\n builder.setProperty(\"project.output\", temporaryDir.canonicalPath)\n\n if (builder.`is`(Constants.NOBUNDLES)) return\n\n val archiveFile = task.archiveFile.get().asFile\n val archiveFileName = task.archiveFileName.get()\n\n val archiveCopyFile = File(temporaryDir, archiveFileName)\n IO.copy(archiveFile, archiveCopyFile)\n\n val bundleJar = Jar(archiveFileName, archiveCopyFile)\n\n if (builder.getProperty(Constants.REPRODUCIBLE) == null && !preserveFileTimestamps) {\n builder.setProperty(Constants.REPRODUCIBLE, \"true\")\n }\n if (builder.getProperty(Constants.COMPRESSION) == null) {\n builder.setProperty(\n Constants.COMPRESSION,\n when (entryCompression) {\n ZipEntryCompression.STORED -> Jar.Compression.STORE.name\n else -> Jar.Compression.DEFLATE.name\n },\n )\n }\n\n bundleJar.updateModified(archiveFile.lastModified(), \"time of Jar task generated jar\")\n bundleJar.manifest = Manifest()\n builder.setJar(bundleJar)\n\n val validClasspath = classpath.filter { it.exists() && (it.isDirectory || isZip(it)) }\n builder.setProperty(\"project.buildpath\", validClasspath.asPath)\n builder.setClasspath(validClasspath.files.toTypedArray())\n\n val validSourcepath = sourcepath.filter { it.exists() }\n builder.setProperty(\"project.sourcepath\", validSourcepath.asPath)\n builder.setSourcepath(validSourcepath.files.toTypedArray())\n\n val builtJar = builder.build()\n if (!builder.isOk) {\n builder.getErrors().forEach { task.logger.error(\"Error: $it\") }\n builder.getWarnings().forEach { task.logger.warn(\"Warning: $it\") }\n throw GradleException(\"Bundle $archiveFileName has errors\")\n }\n\n builtJar.write(archiveFile)\n archiveFile.setLastModified(System.currentTimeMillis())\n }\n } catch (e: Exception) {\n throw GradleException(\"Bnd build failed\", e)\n }\n }\n\n private fun isZip(file: File): Boolean =\n try {\n ZipFile(file).close()\n true\n } catch (e: Exception) {\n false\n }\n\n companion object {\n /**\n * BND is incompatible with Kotlin/Multiplatform because it assumes the JVM source set's name is\n * 'main'. Work around this by creating a 'main' source set that forwards to 'jvmMain'.\n */\n fun installWorkaround(project: org.gradle.api.Project): org.gradle.api.tasks.SourceSet {\n val sourceSets =\n project.extensions\n .getByType(org.gradle.api.plugins.JavaPluginExtension::class.java)\n .sourceSets\n val existingMain = sourceSets.findByName(\"main\")\n if (existingMain != null) return existingMain\n\n val jvmMainSourceSet = sourceSets.getByName(\"jvmMain\")\n val mainSourceSet =\n object : org.gradle.api.tasks.SourceSet by jvmMainSourceSet {\n override fun getName() = \"main\"\n\n override fun getProcessResourcesTaskName() = \"${jvmMainSourceSet.processResourcesTaskName}ForFakeMain\"\n\n override fun getCompileJavaTaskName() = \"${jvmMainSourceSet.compileJavaTaskName}ForFakeMain\"\n\n override fun getClassesTaskName() = \"${jvmMainSourceSet.classesTaskName}ForFakeMain\"\n\n override fun getCompileOnlyConfigurationName(): String = jvmMainSourceSet.compileOnlyConfigurationName + \"ForFakeMain\"\n\n override fun getCompileClasspathConfigurationName(): String = jvmMainSourceSet.compileClasspathConfigurationName + \"ForFakeMain\"\n\n override fun getImplementationConfigurationName(): String = jvmMainSourceSet.implementationConfigurationName + \"ForFakeMain\"\n\n override fun getAnnotationProcessorConfigurationName(): String =\n jvmMainSourceSet.annotationProcessorConfigurationName + \"ForFakeMain\"\n\n override fun getRuntimeClasspathConfigurationName(): String = jvmMainSourceSet.runtimeClasspathConfigurationName + \"ForFakeMain\"\n\n override fun getRuntimeOnlyConfigurationName(): String = jvmMainSourceSet.runtimeOnlyConfigurationName + \"ForFakeMain\"\n\n override fun getTaskName(\n verb: String?,\n target: String?,\n ) = \"${jvmMainSourceSet.getTaskName(verb, target)}ForFakeMain\"\n }\n sourceSets.add(mainSourceSet)\n project.tasks.named { it.endsWith(\"ForFakeMain\") }.configureEach { onlyIf { false } }\n\n return mainSourceSet\n }\n }\n}\n"
},
{
"path": "build-logic/src/main/kotlin/JavaModules.kt",
"content": "/*\n * Copyright (C) 2025 Square, Inc.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * https://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport me.champeau.mrjar.MultiReleaseExtension\nimport org.gradle.api.Project\nimport org.gradle.api.plugins.JavaPluginExtension\nimport org.gradle.api.tasks.compile.JavaCompile\nimport org.gradle.jvm.toolchain.JavaToolchainService\nimport org.gradle.kotlin.dsl.configure\nimport org.gradle.kotlin.dsl.getByType\nimport org.gradle.kotlin.dsl.named\nimport org.jetbrains.kotlin.gradle.tasks.KotlinJvmCompile\n\nfun Project.applyJavaModules(\n moduleName: String,\n defaultVersion: Int = 8,\n javaModuleVersion: Int = 9,\n enableValidation: Boolean = true,\n) {\n plugins.apply(\"me.champeau.mrjar\")\n\n configure {\n targetVersions(defaultVersion, javaModuleVersion)\n }\n\n tasks.named(\"compileJava9Java\").configure {\n val compileKotlinTask = tasks.getByName(\"compileKotlin\") as KotlinJvmCompile\n dependsOn(compileKotlinTask)\n\n if (enableValidation) {\n compileKotlinTask.source(file(\"src/main/java9\"))\n }\n\n // Ignore warnings about using 'requires transitive' on automatic modules.\n // not needed when compiling with recent JDKs, e.g. 17\n options.compilerArgs.add(\"-Xlint:-requires-transitive-automatic\")\n\n // Patch the compileKotlinJvm output classes into the compilation so exporting packages works correctly.\n options.compilerArgs.addAll(\n listOf(\n \"--patch-module\",\n \"$moduleName=${compileKotlinTask.destinationDirectory.get().asFile}\",\n ),\n )\n\n classpath = compileKotlinTask.libraries\n modularity.inferModulePath.set(true)\n\n val javaToolchains = project.extensions.getByType()\n val javaPluginExtension = project.extensions.getByType()\n javaCompiler.set(javaToolchains.compilerFor(javaPluginExtension.toolchain))\n }\n}\n"
},
{
"path": "build-logic/src/main/kotlin/Osgi.kt",
"content": "/*\n * Copyright (C) 2021 Square, Inc.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * https://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport aQute.bnd.gradle.BundleTaskExtension\nimport org.gradle.api.Project\nimport org.gradle.api.artifacts.MinimalExternalModuleDependency\nimport org.gradle.api.artifacts.VersionCatalogsExtension\nimport org.gradle.api.plugins.ExtensionAware\nimport org.gradle.api.tasks.SourceSetContainer\nimport org.gradle.api.tasks.bundling.Jar as GradleJar\nimport org.gradle.kotlin.dsl.dependencies\nimport org.gradle.kotlin.dsl.get\nimport org.gradle.kotlin.dsl.getByName\nimport org.gradle.kotlin.dsl.named\nimport org.gradle.kotlin.dsl.provideDelegate\n\nfun Project.applyOsgi(vararg bndProperties: String) {\n plugins.withId(\"org.jetbrains.kotlin.jvm\") { applyOsgi(\"jar\", \"osgiApi\", bndProperties) }\n}\n\nprivate fun Project.applyOsgi(\n jarTaskName: String,\n osgiApiConfigurationName: String,\n bndProperties: Array,\n) {\n val osgi = project.sourceSets.create(\"osgi\")\n val osgiApi = project.configurations.getByName(osgiApiConfigurationName)\n\n project.dependencies { osgiApi(kotlinOsgi) }\n\n val jarTask = tasks.getByName(jarTaskName)\n val bundleExtension =\n jarTask.extensions.create(\n BundleTaskExtension.NAME,\n BundleTaskExtension::class.java,\n jarTask,\n )\n bundleExtension.run {\n setClasspath(osgi.compileClasspath + sourceSets[\"main\"].compileClasspath)\n properties.empty()\n bnd(*bndProperties)\n }\n jarTask.doLast(\n \"buildBundle\",\n BndBuildAction(bundleExtension, jarTask, sourceSets[\"main\"].allSource),\n )\n}\n\nfun Project.applyOsgiMultiplatform(vararg bndProperties: String) {\n // BND is incompatible with Kotlin/Multiplatform because it assumes the JVM source set's\n // name is\n // 'main'. Work around this by creating a 'main' source set that forwards to 'jvmMain'.\n //\n // The forwarding SourceSet also needs to fake out some task names to prevent them from\n // being\n // registered twice.\n //\n // https://github.com/bndtools/bnd/issues/6590\n val mainSourceSet = BndBuildAction.installWorkaround(project)\n\n val osgiApi = configurations.create(\"osgiApi\")\n dependencies { osgiApi(kotlinOsgi) }\n\n tasks.named(\"jvmJar\").configure {\n val bundleExtension =\n extensions.create(\n BundleTaskExtension.NAME,\n BundleTaskExtension::class.java,\n this,\n )\n val osgiApiArtifacts = osgiApi.artifacts\n val jvmMainClasses = tasks.named(\"jvmMainClasses\").map { it.outputs.files }\n bundleExtension.apply {\n classpath(osgiApiArtifacts)\n classpath(jvmMainClasses)\n properties.empty()\n bnd(*bndProperties)\n }\n doLast(\"buildBundle\", BndBuildAction(bundleExtension, this, mainSourceSet.allSource))\n }\n}\n\nval Project.sourceSets: SourceSetContainer\n get() = (this as ExtensionAware).extensions[\"sourceSets\"] as SourceSetContainer\n\nprivate val Project.kotlinOsgi: MinimalExternalModuleDependency\n get() =\n extensions\n .getByType(VersionCatalogsExtension::class.java)\n .named(\"libs\")\n .findLibrary(\"kotlin.stdlib.osgi\")\n .get()\n .get()\n"
},
{
"path": "build-logic/src/main/kotlin/okhttp.base-conventions.gradle.kts",
"content": "import org.gradle.api.artifacts.VersionCatalogsExtension\nimport okhttp3.buildsupport.platform\nimport okhttp3.buildsupport.testJavaVersion\nimport org.gradle.kotlin.dsl.withType\nimport org.jetbrains.kotlin.gradle.tasks.KotlinCompile\n\nval libs = extensions.getByType().named(\"libs\")\n\ngroup = \"com.squareup.okhttp3\"\nversion = \"5.4.0-SNAPSHOT\"\n\nval platform = project.platform\nval testJavaVersion = project.testJavaVersion\n\n\n// Friend configurations - moved here to be shared across all modules (including android-test)\nval friendsApi = configurations.maybeCreate(\"friendsApi\").apply {\n isCanBeResolved = true\n isCanBeConsumed = false\n isTransitive = true\n}\nval friendsImplementation = configurations.maybeCreate(\"friendsImplementation\").apply {\n isCanBeResolved = true\n isCanBeConsumed = false\n isTransitive = false\n}\nval friendsTestImplementation = configurations.maybeCreate(\"friendsTestImplementation\").apply {\n isCanBeResolved = true\n isCanBeConsumed = false\n isTransitive = false\n}\n\nconfigurations.configureEach {\n if (name == \"implementation\") {\n extendsFrom(friendsApi, friendsImplementation)\n }\n if (name == \"api\") {\n extendsFrom(friendsApi)\n }\n if (name == \"testImplementation\") {\n extendsFrom(friendsTestImplementation)\n }\n}\n\ntasks.withType().configureEach {\n friendPaths.from(friendsApi.incoming.artifactView { }.files)\n friendPaths.from(friendsImplementation.incoming.artifactView { }.files)\n friendPaths.from(friendsTestImplementation.incoming.artifactView { }.files)\n}\n\nval resolvableConfigurations = configurations.filter { it.isCanBeResolved }\ntasks.register(\"downloadDependencies\") {\n description = \"Download all dependencies to the Gradle cache\"\n doLast {\n for (configuration in resolvableConfigurations) {\n configuration.files\n }\n }\n}\n\nnormalization {\n runtimeClasspath {\n metaInf {\n ignoreAttribute(\"Bnd-LastModified\")\n }\n }\n}\n"
},
{
"path": "build-logic/src/main/kotlin/okhttp.dokka-multimodule-conventions.gradle.kts",
"content": "val okhttpDokka: String? by project\nval dokkaBuild = okhttpDokka?.toBoolean() == true\n\nif (dokkaBuild) {\n apply(plugin = \"org.jetbrains.dokka\")\n\n dependencies {\n add(\"dokka\", project(\":okhttp\"))\n add(\"dokka\", project(\":okhttp-brotli\"))\n add(\"dokka\", project(\":okhttp-coroutines\"))\n add(\"dokka\", project(\":okhttp-dnsoverhttps\"))\n add(\"dokka\", project(\":okhttp-java-net-cookiejar\"))\n add(\"dokka\", project(\":logging-interceptor\"))\n add(\"dokka\", project(\":okhttp-sse\"))\n add(\"dokka\", project(\":okhttp-tls\"))\n add(\"dokka\", project(\":okhttp-urlconnection\"))\n add(\"dokka\", project(\":okhttp-zstd\"))\n add(\"dokka\", project(\":mockwebserver\"))\n add(\"dokka\", project(\":mockwebserver3\"))\n add(\"dokka\", project(\":mockwebserver3-junit4\"))\n add(\"dokka\", project(\":mockwebserver3-junit5\"))\n }\n}\n"
},
{
"path": "build-logic/src/main/kotlin/okhttp.jvm-conventions.gradle.kts",
"content": "import org.jetbrains.kotlin.gradle.dsl.JvmTarget\nimport org.jetbrains.kotlin.gradle.tasks.KotlinCompile\nimport tapmoc.TapmocExtension\nimport tapmoc.configureKotlinCompatibility\n\nplugins {\n id(\"okhttp.base-conventions\")\n id(\"com.gradleup.tapmoc\")\n}\n\nval libs = extensions.getByType().named(\"libs\")\n\nfun library(alias: String) = libs.findLibrary(alias).get().get().let {\n \"${it.module.group}:${it.module.name}:${it.versionConstraint.requiredVersion}\"\n}\nfun version(alias: String) = libs.findVersion(alias).get().toString()\n\nextensions.configure {\n toolchain {\n languageVersion.set(JavaLanguageVersion.of(21))\n }\n}\n\n// Introduce in a separate change\n//configureJavaCompatibility(javaVersion = 8)\n\nconfigureKotlinCompatibility(version = version(\"kotlinCoreLibrariesVersion\"))\n\ntasks.withType {\n options.encoding = Charsets.UTF_8.toString()\n if (name.contains(\"Java9\")) {\n sourceCompatibility = \"9\"\n targetCompatibility = \"9\"\n } else {\n sourceCompatibility = \"1.8\"\n targetCompatibility = \"1.8\"\n }\n}\n\ntasks.withType {\n compilerOptions {\n jvmTarget.set(JvmTarget.JVM_1_8)\n freeCompilerArgs.addAll(\n \"-Xjvm-default=all\",\n \"-Xexpect-actual-classes\",\n )\n }\n}\n\nextensions.configure {\n // Fail the build if any api dependency exposes incompatible Kotlin metadata, Kotlin stdlib, or Java bytecode version.\n checkDependencies()\n}\n"
},
{
"path": "build-logic/src/main/kotlin/okhttp.publish-conventions.gradle.kts",
"content": "import com.vanniktech.maven.publish.JavadocJar\nimport com.vanniktech.maven.publish.KotlinJvm\nimport com.vanniktech.maven.publish.KotlinMultiplatform\nimport com.vanniktech.maven.publish.MavenPublishBaseExtension\nimport kotlinx.validation.ApiValidationExtension\nimport kotlinx.validation.KotlinApiBuildTask\nimport kotlinx.validation.KotlinApiCompareTask\n\nplugins {\n id(\"com.vanniktech.maven.publish.base\")\n id(\"binary-compatibility-validator\")\n}\n\nconfigure {\n publishToMavenCentral(automaticRelease = true)\n signAllPublications()\n pom {\n name.set(project.name)\n description.set(\"Square’s meticulous HTTP client for Java and Kotlin.\")\n url.set(\"https://square.github.io/okhttp/\")\n licenses {\n license {\n name.set(\"The Apache Software License, Version 2.0\")\n url.set(\"https://www.apache.org/licenses/LICENSE-2.0.txt\")\n distribution.set(\"repo\")\n }\n }\n scm {\n connection.set(\"scm:git:https://github.com/square/okhttp.git\")\n developerConnection.set(\"scm:git:ssh://git@github.com/square/okhttp.git\")\n url.set(\"https://github.com/square/okhttp\")\n }\n developers {\n developer {\n name.set(\"Square, Inc.\")\n }\n }\n }\n\n if (project.name == \"okhttp\") {\n configure(KotlinMultiplatform(javadocJar = JavadocJar.Empty()))\n } else if (plugins.hasPlugin(JavaBasePlugin::class.java)) {\n configure(KotlinJvm(javadocJar = JavadocJar.Empty()))\n }\n}\n\nconfigure {\n ignoredPackages += \"okhttp3.logging.internal\"\n ignoredPackages += \"mockwebserver3.internal\"\n ignoredPackages += \"okhttp3.internal\"\n ignoredPackages += \"mockwebserver3.junit5.internal\"\n ignoredPackages += \"okhttp3.brotli.internal\"\n ignoredPackages += \"okhttp3.sse.internal\"\n ignoredPackages += \"okhttp3.tls.internal\"\n}\n\nif (project.name == \"okhttp\") {\n // Workaround for https://github.com/Kotlin/binary-compatibility-validator/issues/312\n val apiBuild = tasks.register(\"androidApiBuild\") {\n outputApiFile = project.layout.buildDirectory.file(\"${this.name}/okhttp.api\")\n inputClassesDirs.from(tasks.getByName(\"compileAndroidMain\").outputs)\n }\n val apiCheck = tasks.register(\"androidApiCheck\") {\n group = \"verification\"\n projectApiFile = project.file(\"api/android/okhttp.api\")\n generatedApiFile = apiBuild.flatMap(KotlinApiBuildTask::outputApiFile)\n }\n val apiDump = tasks.register(\"androidApiDump\") {\n from(apiBuild.flatMap(KotlinApiBuildTask::outputApiFile))\n destinationDir = project.file(\"api/android\")\n }\n\n tasks.named(\"apiDump\").configure { dependsOn(apiDump) }\n tasks.named(\"apiCheck\").configure { dependsOn(apiCheck) }\n}\n"
},
{
"path": "build-logic/src/main/kotlin/okhttp.quality-conventions.gradle.kts",
"content": "import com.vanniktech.maven.publish.MavenPublishBaseExtension\nimport ru.vyarus.gradle.plugin.animalsniffer.AnimalSnifferExtension\nimport org.gradle.api.artifacts.VersionCatalogsExtension\nimport org.gradle.kotlin.dsl.withType\nimport ru.vyarus.gradle.plugin.animalsniffer.AnimalSniffer\n\nplugins {\n id(\"okhttp.base-conventions\")\n id(\"checkstyle\")\n id(\"ru.vyarus.animalsniffer\")\n id(\"com.android.lint\")\n id(\"com.diffplug.spotless\")\n}\n\nval libs = extensions.getByType().named(\"libs\")\n\nfun library(alias: String) = libs.findLibrary(alias).get().get().let {\n \"${it.module.group}:${it.module.name}:${it.versionConstraint.requiredVersion}\"\n}\nfun version(alias: String) = libs.findVersion(alias).get().toString()\n\ntasks.withType().configureEach {\n exclude(\"**/CipherSuite.java\")\n}\n\nval checkstyleConfig = configurations.maybeCreate(\"checkstyleConfig\")\ndependencies {\n add(\"checkstyleConfig\", library(\"checkstyle\")) {\n isTransitive = false\n }\n}\n\nconfigure {\n config = resources.text.fromArchiveEntry(checkstyleConfig, \"google_checks.xml\")\n toolVersion = version(\"checkstyle\")\n\n val sourceSets = project.extensions.findByType()\n val main = sourceSets?.findByName(\"main\") ?: sourceSets?.findByName(\"jvmMain\")\n if (main != null) {\n this.sourceSets = listOf(main)\n }\n}\n\nval androidSignature = configurations.maybeCreate(\"androidSignature\")\nval jvmSignature = configurations.maybeCreate(\"jvmSignature\")\n\nconfigure {\n annotation = \"okhttp3.internal.SuppressSignatureCheck\"\n\n val sourceSets = project.extensions.findByType()\n val main = sourceSets?.findByName(\"main\") ?: sourceSets?.findByName(\"jvmMain\")\n if (main != null) {\n this.sourceSets = listOf(main)\n }\n\n signatures = androidSignature + jvmSignature\n failWithoutSignatures = false\n}\n\n// Default to only published modules\nproject.tasks.withType {\n val hasMavenPublish = project.extensions.findByType() != null\n onlyIf {\n hasMavenPublish\n }\n}\n\ndependencies {\n // Logic for signatures should be moved to the applying module or configured via extension\n // For now, we'll keep the standard ones and allow modules to add more\n androidSignature(library(\"signature-android-apilevel21\")) { artifact { type = \"signature\" } }\n jvmSignature(library(\"codehaus-signature-java18\")) { artifact { type = \"signature\" } }\n\n \"lintChecks\"(library(\"androidx-lint-gradle\"))\n}\n\nconfigure {\n xmlReport = true\n checkDependencies = true\n}\n\nconfigure {\n kotlin {\n target(\"src/**/*.kt\")\n targetExclude(\"**/kotlinTemplates/**/*.kt\")\n ktlint()\n suppressLintsFor {\n step = \"ktlint\"\n shortCode = \"standard:mixed-condition-operators\"\n }\n }\n kotlinGradle {\n target(\"*.kts\")\n ktlint()\n }\n}\n"
},
{
"path": "build-logic/src/main/kotlin/okhttp.testing-conventions.gradle.kts",
"content": "import org.gradle.api.tasks.testing.logging.TestExceptionFormat\nimport org.gradle.api.artifacts.VersionCatalogsExtension\nimport okhttp3.buildsupport.platform\nimport okhttp3.buildsupport.testJavaVersion\n\nplugins {\n id(\"okhttp.base-conventions\")\n}\n\nval libs = extensions.getByType().named(\"libs\")\n\nfun library(alias: String) = libs.findLibrary(alias).get().get().let {\n \"${it.module.group}:${it.module.name}:${it.versionConstraint.requiredVersion}\"\n}\n\n\nval testRuntimeOnly = configurations.maybeCreate(\"testRuntimeOnly\")\ndependencies {\n testRuntimeOnly(library(\"junit-jupiter-engine\"))\n testRuntimeOnly(library(\"junit-vintage-engine\"))\n testRuntimeOnly(library(\"junit-platform-launcher\"))\n}\n\ntasks.withType {\n useJUnitPlatform()\n jvmArgs(\"-Dokhttp.platform=$platform\")\n\n if (platform == \"loom\") {\n jvmArgs(\"-Djdk.tracePinnedThreads=short\")\n }\n if (platform == \"openjsse\") {\n if (testJavaVersion > 8) {\n throw GradleException(\"OpenJSSE is only supported on Java 8\")\n }\n }\n\n val javaToolchains = project.extensions.getByType()\n javaLauncher.set(javaToolchains.launcherFor {\n languageVersion.set(JavaLanguageVersion.of(testJavaVersion))\n })\n\n maxParallelForks = Runtime.getRuntime().availableProcessors() * 2\n testLogging {\n exceptionFormat = TestExceptionFormat.FULL\n }\n\n systemProperty(\"okhttp.platform\", platform)\n systemProperty(\"junit.jupiter.extensions.autodetection.enabled\", \"true\")\n}\n\ntasks.withType().configureEach {\n environment(\"OKHTTP_ROOT\", rootDir)\n}\n\nplugins.withId(\"org.jetbrains.kotlin.jvm\") {\n val test = tasks.named(\"test\")\n tasks.register(\"jvmTest\") {\n description = \"Get 'gradlew jvmTest' to run the tests of JVM-only modules\"\n dependsOn(test)\n }\n}\n"
},
{
"path": "build-logic/src/main/kotlin/okhttp3/buildsupport/OkHttpBuildUtils.kt",
"content": "/*\n * Copyright (c) 2026 OkHttp Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage okhttp3.buildsupport\n\nimport org.gradle.api.Project\n\nval Project.platform: String\n get() = findProperty(\"okhttp.platform\")?.toString() ?: \"jdk9\"\n\nval Project.testJavaVersion: Int\n get() = findProperty(\"test.java.version\")?.toString()?.toInt() ?: 21\n\nval Project.androidBuild: Boolean\n get() = findProperty(\"androidBuild\")?.toString()?.toBoolean() ?: false\n\nval Project.alpnBootVersion: String?\n get() = findProperty(\"alpn.boot.version\")?.toString()\n"
},
{
"path": "build.gradle.kts",
"content": "plugins {\n alias(libs.plugins.spotless) apply false\n alias(libs.plugins.android.library) apply false\n alias(libs.plugins.android.application) apply false\n alias(libs.plugins.kotlin.jvm) apply false\n alias(libs.plugins.kotlin.multiplatform) apply false\n alias(libs.plugins.kotlin.serialization) apply false\n alias(libs.plugins.dokka) apply false\n alias(libs.plugins.maven.publish) apply false\n alias(libs.plugins.binary.compatibility.validator) apply false\n alias(libs.plugins.animalsniffer) apply false\n alias(libs.plugins.android.junit5) apply false\n alias(libs.plugins.shadow) apply false\n alias(libs.plugins.graalvm) apply false\n alias(libs.plugins.ksp) apply false\n alias(libs.plugins.burst) apply false\n id(\"okhttp.dokka-multimodule-conventions\")\n}\n\ntasks.wrapper {\n distributionType = Wrapper.DistributionType.ALL\n}\n"
},
{
"path": "container-tests/README.md",
"content": "OkHttp Container Tests\n======================\n\nThis module contains tests against other services\nvia containers.\n"
},
{
"path": "container-tests/build.gradle.kts",
"content": "plugins {\n kotlin(\"jvm\")\n id(\"okhttp.base-conventions\")\n}\n\nimport okhttp3.buildsupport.platform\nimport okhttp3.buildsupport.testJavaVersion\n\nval platform = project.platform\nval testJavaVersion = project.testJavaVersion\n\ntasks.withType {\n useJUnitPlatform()\n val isCi = providers.environmentVariable(\"CI\")\n val containerTests = providers.gradleProperty(\"containerTests\")\n onlyIf(\"By default not in CI\") {\n !isCi.isPresent\n || (containerTests.isPresent && containerTests.get().toBoolean())\n }\n\n jvmArgs(\n \"-Dokhttp.platform=$platform\",\n )\n\n if (platform == \"loom\") {\n jvmArgs(\n \"-Djdk.tracePinnedThreads=short\",\n )\n }\n\n val javaToolchains = project.extensions.getByType()\n javaLauncher.set(javaToolchains.launcherFor {\n languageVersion.set(JavaLanguageVersion.of(testJavaVersion))\n })\n}\n\ndependencies {\n api(projects.okhttp)\n\n testImplementation(projects.okhttpTestingSupport)\n testImplementation(libs.junit.jupiter.api)\n testImplementation(libs.junit.jupiter.params)\n testImplementation(libs.junit.jupiter.engine)\n testImplementation(libs.assertk)\n testImplementation(libs.testcontainers)\n testImplementation(libs.mockserver)\n testImplementation(libs.mockserver.client)\n testImplementation(libs.testcontainers.junit5)\n}\n"
},
{
"path": "container-tests/src/test/java/okhttp3/containers/BasicLoomTest.kt",
"content": "/*\n * Copyright (C) 2024 Square, Inc.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage okhttp3.containers\n\nimport assertk.assertThat\nimport assertk.assertions.contains\nimport assertk.assertions.isEmpty\nimport assertk.assertions.isNotEmpty\nimport java.io.ByteArrayOutputStream\nimport java.io.PrintStream\nimport java.util.concurrent.ExecutorService\nimport java.util.concurrent.Executors\nimport okhttp3.Dispatcher\nimport okhttp3.HttpUrl.Companion.toHttpUrl\nimport okhttp3.OkHttpClient\nimport okhttp3.Request\nimport okhttp3.containers.BasicMockServerTest.Companion.MOCKSERVER_IMAGE\nimport okhttp3.containers.BasicMockServerTest.Companion.trustMockServer\nimport okhttp3.testing.PlatformRule\nimport org.junit.jupiter.api.AfterEach\nimport org.junit.jupiter.api.BeforeEach\nimport org.junit.jupiter.api.Test\nimport org.junit.jupiter.api.extension.RegisterExtension\nimport org.junit.jupiter.api.parallel.Isolated\nimport org.mockserver.client.MockServerClient\nimport org.mockserver.model.HttpRequest.request\nimport org.mockserver.model.HttpResponse.response\nimport org.testcontainers.containers.MockServerContainer\nimport org.testcontainers.junit.jupiter.Container\nimport org.testcontainers.junit.jupiter.Testcontainers\n\n@Testcontainers\n@Isolated\nclass BasicLoomTest {\n @JvmField\n @RegisterExtension\n val platform = PlatformRule()\n\n // Use mock server so we are strictly testing OkHttp client only in this test.\n // We should test MockWebServer later.\n @Container\n val mockServer: MockServerContainer = MockServerContainer(MOCKSERVER_IMAGE)\n\n val capturedOut = ByteArrayOutputStream()\n\n private lateinit var executor: ExecutorService\n\n private lateinit var client: OkHttpClient\n\n @BeforeEach\n fun setUp() {\n platform.assumeLoom()\n assertThat(System.getProperty(\"jdk.tracePinnedThreads\")).isNotEmpty()\n\n client =\n OkHttpClient\n .Builder()\n .trustMockServer()\n .dispatcher(Dispatcher(newVirtualThreadPerTaskExecutor()))\n .build()\n\n executor = newVirtualThreadPerTaskExecutor()\n\n // Capture non-deterministic but probable sysout warnings of pinned threads\n // https://docs.oracle.com/en/java/javase/21/core/virtual-threads.html\n System.setOut(PrintStream(capturedOut))\n }\n\n @AfterEach\n fun checkForPinning() {\n assertThat(capturedOut.toString()).isEmpty()\n }\n\n private fun newVirtualThreadPerTaskExecutor(): ExecutorService =\n Executors::class.java.getMethod(\"newVirtualThreadPerTaskExecutor\").invoke(null) as ExecutorService\n\n @Test\n fun testHttpsRequest() {\n MockServerClient(mockServer.host, mockServer.serverPort).use { mockServerClient ->\n mockServerClient\n .`when`(\n request()\n .withPath(\"/person\")\n .withQueryStringParameter(\"name\", \"peter\"),\n ).respond(response().withBody(\"Peter the person!\"))\n\n val results =\n (1..20).map {\n executor.submit {\n val response =\n client.newCall(Request((mockServer.secureEndpoint + \"/person?name=peter\").toHttpUrl())).execute()\n\n val body = response.body.string()\n assertThat(body).contains(\"Peter the person\")\n }\n }\n\n results.forEach {\n it.get()\n }\n }\n }\n}\n"
},
{
"path": "container-tests/src/test/java/okhttp3/containers/BasicMockServerTest.kt",
"content": "/*\n * Copyright (C) 2024 Square, Inc.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage okhttp3.containers\n\nimport assertk.assertThat\nimport assertk.assertions.contains\nimport javax.net.ssl.TrustManagerFactory\nimport javax.net.ssl.X509TrustManager\nimport okhttp3.HttpUrl.Companion.toHttpUrl\nimport okhttp3.OkHttpClient\nimport okhttp3.Request\nimport org.junit.jupiter.api.Test\nimport org.mockserver.client.MockServerClient\nimport org.mockserver.configuration.Configuration\nimport org.mockserver.logging.MockServerLogger\nimport org.mockserver.model.HttpRequest.request\nimport org.mockserver.model.HttpResponse.response\nimport org.mockserver.socket.tls.KeyStoreFactory\nimport org.testcontainers.containers.MockServerContainer\nimport org.testcontainers.junit.jupiter.Container\nimport org.testcontainers.junit.jupiter.Testcontainers\nimport org.testcontainers.utility.DockerImageName\n\n@Testcontainers\nclass BasicMockServerTest {\n @Container\n val mockServer: MockServerContainer = MockServerContainer(MOCKSERVER_IMAGE)\n\n val client =\n OkHttpClient\n .Builder()\n .trustMockServer()\n .build()\n\n @Test\n fun testRequest() {\n MockServerClient(mockServer.host, mockServer.serverPort).use { mockServerClient ->\n mockServerClient\n .`when`(\n request()\n .withPath(\"/person\")\n .withQueryStringParameter(\"name\", \"peter\"),\n ).respond(response().withBody(\"Peter the person!\"))\n\n val response = client.newCall(Request((mockServer.endpoint + \"/person?name=peter\").toHttpUrl())).execute()\n\n assertThat(response.body.string()).contains(\"Peter the person\")\n }\n }\n\n @Test\n fun testHttpsRequest() {\n MockServerClient(mockServer.host, mockServer.serverPort).use { mockServerClient ->\n mockServerClient\n .`when`(\n request()\n .withPath(\"/person\")\n .withQueryStringParameter(\"name\", \"peter\"),\n ).respond(response().withBody(\"Peter the person!\"))\n\n val response = client.newCall(Request((mockServer.secureEndpoint + \"/person?name=peter\").toHttpUrl())).execute()\n\n assertThat(response.body.string()).contains(\"Peter the person\")\n }\n }\n\n companion object {\n val MOCKSERVER_IMAGE: DockerImageName =\n DockerImageName\n .parse(\"mockserver/mockserver\")\n .withTag(\"mockserver-5.15.0\")\n\n fun OkHttpClient.Builder.trustMockServer(): OkHttpClient.Builder =\n apply {\n val keyStoreFactory = KeyStoreFactory(Configuration.configuration(), MockServerLogger())\n\n val socketFactory = keyStoreFactory.sslContext().socketFactory\n\n val trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())\n trustManagerFactory.init(keyStoreFactory.loadOrCreateKeyStore())\n val trustManager = trustManagerFactory.trustManagers.first() as X509TrustManager\n\n sslSocketFactory(socketFactory, trustManager)\n }\n }\n}\n"
},
{
"path": "container-tests/src/test/java/okhttp3/containers/BasicProxyTest.kt",
"content": "/*\n * Copyright (C) 2024 Square, Inc.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage okhttp3.containers\n\nimport assertk.assertThat\nimport assertk.assertions.contains\nimport assertk.assertions.isEqualTo\nimport java.net.HttpURLConnection\nimport java.net.Proxy\nimport java.net.URI\nimport javax.net.ssl.HttpsURLConnection\nimport okhttp3.HttpUrl.Companion.toHttpUrl\nimport okhttp3.OkHttpClient\nimport okhttp3.Protocol\nimport okhttp3.Request\nimport okhttp3.containers.BasicMockServerTest.Companion.MOCKSERVER_IMAGE\nimport okhttp3.containers.BasicMockServerTest.Companion.trustMockServer\nimport okio.buffer\nimport okio.source\nimport org.junit.jupiter.api.Test\nimport org.mockserver.client.MockServerClient\nimport org.mockserver.configuration.Configuration\nimport org.mockserver.logging.MockServerLogger\nimport org.mockserver.model.HttpRequest.request\nimport org.mockserver.model.HttpResponse.response\nimport org.mockserver.proxyconfiguration.ProxyConfiguration\nimport org.mockserver.socket.tls.KeyStoreFactory\nimport org.testcontainers.containers.MockServerContainer\nimport org.testcontainers.junit.jupiter.Container\nimport org.testcontainers.junit.jupiter.Testcontainers\n\n@Testcontainers\nclass BasicProxyTest {\n @Container\n val mockServer: MockServerContainer =\n MockServerContainer(MOCKSERVER_IMAGE)\n .withNetworkAliases(\"mockserver\")\n\n @Test\n fun testOkHttpDirect() {\n testRequest {\n val client = OkHttpClient()\n\n val response =\n client\n .newCall(\n Request((mockServer.endpoint + \"/person?name=peter\").toHttpUrl()),\n ).execute()\n\n assertThat(response.body.string()).contains(\"Peter the person\")\n assertThat(response.protocol).isEqualTo(Protocol.HTTP_1_1)\n }\n }\n\n @Test\n fun testOkHttpProxied() {\n testRequest {\n it.withProxyConfiguration(ProxyConfiguration.proxyConfiguration(ProxyConfiguration.Type.HTTP, it.remoteAddress()))\n\n val client =\n OkHttpClient\n .Builder()\n .proxy(Proxy(Proxy.Type.HTTP, it.remoteAddress()))\n .build()\n\n val response =\n client\n .newCall(\n Request((mockServer.endpoint + \"/person?name=peter\").toHttpUrl()),\n ).execute()\n\n assertThat(response.body.string()).contains(\"Peter the person\")\n }\n }\n\n @Test\n fun testOkHttpSecureDirect() {\n testRequest {\n val client =\n OkHttpClient\n .Builder()\n .trustMockServer()\n .build()\n\n val response =\n client\n .newCall(\n Request((mockServer.secureEndpoint + \"/person?name=peter\").toHttpUrl()),\n ).execute()\n\n assertThat(response.body.string()).contains(\"Peter the person\")\n assertThat(response.protocol).isEqualTo(Protocol.HTTP_2)\n }\n }\n\n @Test\n fun testOkHttpSecureProxiedHttp1() {\n testRequest {\n val client =\n OkHttpClient\n .Builder()\n .trustMockServer()\n .proxy(Proxy(Proxy.Type.HTTP, it.remoteAddress()))\n .protocols(listOf(Protocol.HTTP_1_1))\n .build()\n\n val response =\n client\n .newCall(\n Request((mockServer.secureEndpoint + \"/person?name=peter\").toHttpUrl()),\n ).execute()\n\n assertThat(response.body.string()).contains(\"Peter the person\")\n assertThat(response.protocol).isEqualTo(Protocol.HTTP_1_1)\n }\n }\n\n @Test\n fun testUrlConnectionDirect() {\n testRequest {\n val url = URI(mockServer.endpoint + \"/person?name=peter\").toURL()\n\n val connection = url.openConnection() as HttpURLConnection\n\n assertThat(\n connection.inputStream\n .source()\n .buffer()\n .readUtf8(),\n ).contains(\"Peter the person\")\n }\n }\n\n @Test\n fun testUrlConnectionPlaintextProxied() {\n testRequest {\n val proxy =\n Proxy(\n Proxy.Type.HTTP,\n it.remoteAddress(),\n )\n\n val url = URI(mockServer.endpoint + \"/person?name=peter\").toURL()\n\n val connection = url.openConnection(proxy) as HttpURLConnection\n\n assertThat(\n connection.inputStream\n .source()\n .buffer()\n .readUtf8(),\n ).contains(\"Peter the person\")\n }\n }\n\n @Test\n fun testUrlConnectionSecureDirect() {\n val keyStoreFactory = KeyStoreFactory(Configuration.configuration(), MockServerLogger())\n HttpsURLConnection.setDefaultSSLSocketFactory(keyStoreFactory.sslContext().socketFactory)\n\n testRequest {\n val url = URI(mockServer.secureEndpoint + \"/person?name=peter\").toURL()\n\n val connection = url.openConnection() as HttpURLConnection\n\n assertThat(\n connection.inputStream\n .source()\n .buffer()\n .readUtf8(),\n ).contains(\"Peter the person\")\n }\n }\n\n @Test\n fun testUrlConnectionSecureProxied() {\n val keyStoreFactory = KeyStoreFactory(Configuration.configuration(), MockServerLogger())\n HttpsURLConnection.setDefaultSSLSocketFactory(keyStoreFactory.sslContext().socketFactory)\n\n testRequest {\n val proxy =\n Proxy(\n Proxy.Type.HTTP,\n it.remoteAddress(),\n )\n\n val url = URI(mockServer.secureEndpoint + \"/person?name=peter\").toURL()\n\n val connection = url.openConnection(proxy) as HttpURLConnection\n\n assertThat(\n connection.inputStream\n .source()\n .buffer()\n .readUtf8(),\n ).contains(\"Peter the person\")\n }\n }\n\n private fun testRequest(function: (MockServerClient) -> Unit) {\n MockServerClient(mockServer.host, mockServer.serverPort).use { mockServerClient ->\n val request =\n request()\n .withPath(\"/person\")\n .withQueryStringParameter(\"name\", \"peter\")\n\n mockServerClient\n .`when`(\n request,\n ).respond(response().withBody(\"Peter the person!\"))\n\n function(mockServerClient)\n }\n }\n}\n"
},
{
"path": "container-tests/src/test/java/okhttp3/containers/SocksProxyTest.kt",
"content": "/*\n * Copyright (C) 2024 Square, Inc.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage okhttp3.containers\n\nimport assertk.assertThat\nimport assertk.assertions.contains\nimport java.net.InetSocketAddress\nimport java.net.Proxy\nimport java.net.Proxy.Type.SOCKS\nimport okhttp3.HttpUrl.Companion.toHttpUrl\nimport okhttp3.OkHttpClient\nimport okhttp3.Request\nimport okhttp3.containers.BasicMockServerTest.Companion.MOCKSERVER_IMAGE\nimport org.junit.jupiter.api.Test\nimport org.mockserver.client.MockServerClient\nimport org.mockserver.model.HttpRequest.request\nimport org.mockserver.model.HttpResponse.response\nimport org.testcontainers.containers.GenericContainer\nimport org.testcontainers.containers.MockServerContainer\nimport org.testcontainers.containers.Network\nimport org.testcontainers.junit.jupiter.Container\nimport org.testcontainers.junit.jupiter.Testcontainers\nimport org.testcontainers.utility.DockerImageName\n\n@Testcontainers\nclass SocksProxyTest {\n val network: Network = Network.newNetwork()\n\n @Container\n val mockServer: MockServerContainer =\n MockServerContainer(MOCKSERVER_IMAGE)\n .withNetwork(network)\n .withNetworkAliases(\"mockserver\")\n\n @Container\n val socks5Proxy =\n GenericContainer(SOCKS5_PROXY)\n .withNetwork(network)\n .withExposedPorts(1080)\n\n @Test\n fun testLocal() {\n MockServerClient(mockServer.host, mockServer.serverPort).use { mockServerClient ->\n mockServerClient\n .`when`(\n request()\n .withPath(\"/person\")\n .withQueryStringParameter(\"name\", \"peter\"),\n ).respond(response().withBody(\"Peter the person!\"))\n\n val client =\n OkHttpClient\n .Builder()\n .proxy(Proxy(SOCKS, InetSocketAddress(socks5Proxy.host, socks5Proxy.firstMappedPort)))\n .build()\n\n val response =\n client\n .newCall(\n Request(\"http://mockserver:1080/person?name=peter\".toHttpUrl()),\n ).execute()\n\n assertThat(response.body.string()).contains(\"Peter the person\")\n }\n }\n\n companion object {\n val SOCKS5_PROXY: DockerImageName =\n DockerImageName\n .parse(\"serjs/go-socks5-proxy\")\n .withTag(\"v0.0.3\")\n }\n}\n"
},
{
"path": "deploy_website.sh",
"content": "#!/bin/bash\n\n# The website is built using MkDocs with the Material theme.\n# https://squidfunk.github.io/mkdocs-material/\n# It requires python3 to run.\n\nset -ex\n\nREPO=\"git@github.com:square/okhttp.git\"\nDIR=temp-clone\n\n# Delete any existing temporary website clone\nrm -rf $DIR\n\n# Clone the current repo into temp folder\ngit clone $REPO $DIR\n# Replace `git clone` with these lines to hack on the website locally\n# cp -a . \"../okhttp-website\"\n# mv \"../okhttp-website\" \"$DIR\"\n\n# Move working directory into temp folder\ncd $DIR\n\n# Generate the API docs\n./gradlew dokkaHtmlMultiModule\n\nmv ./build/dokka/htmlMultiModule docs/5.x\n\n# Copy in special files that GitHub wants in the project root.\ncat README.md | grep -v 'project website' > docs/index.md\ncp CHANGELOG.md docs/changelogs/changelog.md\ncp CONTRIBUTING.md docs/contribute/contributing.md\n\n# Build the site and push the new files up to GitHub\npython3 -m venv venv\nsource venv/bin/activate\npip install mkdocs-material mkdocs-redirects\nmkdocs gh-deploy\n\n# Restore Javadocs from 1.x, 2.x, and 3.x.\ngit checkout gh-pages\ngit cherry-pick bb229b9dcc9a21a73edbf8d936bea88f52e0a3ff\ngit cherry-pick c695732f1d4aea103b826876c077fbfea630e244\ngit push --set-upstream origin gh-pages\n\n# Delete our temp folder\ncd ..\nrm -rf $DIR\n"
},
{
"path": "docs/assets/css/app.css",
"content": "@font-face {\n font-family: cash-market;\n src: url(\"https://cash-f.squarecdn.com/static/fonts/cash-market/v2/CashMarket-Regular.woff2\") format(\"woff2\");\n font-weight: 400;\n font-style: normal\n}\n\n@font-face {\n font-family: cash-market;\n src: url(\"https://cash-f.squarecdn.com/static/fonts/cash-market/v2/CashMarket-Medium.woff2\") format(\"woff2\");\n font-weight: 500;\n font-style: normal\n}\n\n@font-face {\n font-family: cash-market;\n src: url(\"https://cash-f.squarecdn.com/static/fonts/cash-market/v2/CashMarket-Bold.woff2\") format(\"woff2\");\n font-weight: 700;\n font-style: normal\n}\n\nbody, input {\n font-family: cash-market,\"Helvetica Neue\",helvetica,sans-serif;\n}\n\n.md-typeset h1, .md-typeset h2, .md-typeset h3, .md-typeset h4 {\n font-family: cash-market,\"Helvetica Neue\",helvetica,sans-serif;\n line-height: normal;\n font-weight: bold;\n}\n\nbutton.dl {\n font-weight: 300;\n font-size: 25px;\n line-height: 40px;\n padding: 3px 10px;\n display: inline-block;\n border-radius: 6px;\n color: #f0f0f0;\n margin: 5px 0;\n width: auto;\n}\n\n.logo {\n text-align: center;\n margin-top: 150px;\n}"
},
{
"path": "docs/changelogs/changelog_1x.md",
"content": "OkHttp 1.x Change Log\n=====================\n\n## Version 1.6.0\n\n_2014-05-23_\n\n * Offer bridges to make it easier to migrate from OkHttp 1.x to OkHttp 2.0.\n This adds `OkUrlFactory`, `Cache`, and `@Deprecated` annotations for APIs\n dropped in 2.0.\n\n## Version 1.5.4\n\n_2014-04-14_\n\n * Drop ALPN support in Android. There's a concurrency bug in all\n currently-shipping versions.\n * Support asynchronous disconnects by breaking the socket only. This should\n prevent flakiness from multiple threads concurrently accessing a stream.\n\n## Version 1.5.3\n\n_2014-03-29_\n\n * Fix bug where the Content-Length header was not always dropped when\n following a redirect from a POST to a GET.\n * Implement basic support for `Thread.interrupt()`. OkHttp now checks\n for an interruption before doing a blocking call. If it is interrupted,\n it throws an `InterruptedIOException`.\n\n## Version 1.5.2\n\n_2014-03-17_\n\n * Fix bug where deleting a file that was absent from the `HttpResponseCache`\n caused an IOException.\n * Fix bug in HTTP/2 where our HPACK decoder wasn't emitting entries in\n certain eviction scenarios, leading to dropped response headers.\n\n## Version 1.5.1\n\n_2014-03-11_\n\n * Fix 1.5.0 regression where connections should not have been recycled.\n * Fix 1.5.0 regression where transparent Gzip was broken by attempting to\n recover from another I/O failure.\n * Fix problems where spdy/3.1 headers may not have been compressed properly.\n * Fix problems with spdy/3.1 and http/2 where the wrong window size was being\n used.\n * Fix 1.5.0 regression where conditional cache responses could corrupt the\n connection pool.\n\n\n## Version 1.5.0\n\n_2014-03-07_\n\n\n##### OkHttp no longer uses the default SSL context.\n\nApplications that want to use the global SSL context with OkHttp should configure their\nOkHttpClient instances with the following:\n\n```java\nokHttpClient.setSslSocketFactory(HttpsURLConnection.getDefaultSSLSocketFactory());\n```\n\nA simpler solution is to avoid the shared default SSL socket factory. Instead, if you\nneed to customize SSL, do so for your specific OkHttpClient instance only.\n\n##### Synthetic headers have changed\n\nPreviously OkHttp added a synthetic response header, `OkHttp-Selected-Transport`. It\nhas been replaced with a new synthetic header, `OkHttp-Selected-Protocol`.\n\n##### Changes\n\n * New: Support for `HTTP-draft-09/2.0`.\n * New: Support for `spdy/3.1`. Dropped support for `spdy/3`.\n * New: Use ALPN on Android platforms that support it (4.4+)\n * New: CacheControl model and parser.\n * New: Protocol selection in MockWebServer.\n * Fix: Route selection shouldn't use TLS modes that we know will fail.\n * Fix: Cache SPDY responses even if the response body is closed prematurely.\n * Fix: Use strict timeouts when aborting a download.\n * Fix: Support Shoutcast HTTP responses like `ICY 200 OK`.\n * Fix: Don't unzip if there isn't a response body.\n * Fix: Don't leak gzip streams on redirects.\n * Fix: Don't do DNS lookups on invalid hosts.\n * Fix: Exhaust the underlying stream when reading gzip streams.\n * Fix: Support the `PATCH` method.\n * Fix: Support request bodies on `DELETE` method.\n * Fix: Drop the `okhttp-protocols` module.\n * Internal: Replaced internal byte array buffers with pooled buffers (\"OkBuffer\").\n\n\n## Version 1.3.0\n\n_2014-01-11_\n\n * New: Support for \"PATCH\" HTTP method in client and MockWebServer.\n * Fix: Drop `Content-Length` header when redirected from POST to GET.\n * Fix: Correctly read cached header entries with malformed header names.\n * Fix: Do not directly support any authentication schemes other than \"Basic\".\n * Fix: Respect read timeouts on recycled connections.\n * Fix: Transmit multiple cookie values as a single header with delimiter.\n * Fix: Ensure `null` is never returned from a connection's `getHeaderFields()`.\n * Fix: Persist proper `Content-Encoding` header to cache for GZip responses.\n * Fix: Eliminate rare race condition in SPDY streams that would prevent connection reuse.\n * Fix: Change HTTP date formats to UTC to conform to RFC2616 section 3.3.\n * Fix: Support SPDY header blocks with trailing bytes.\n * Fix: Allow `;` as separator for `Cache-Control` header.\n * Fix: Correct bug where HTTPS POST requests were always automatically buffered.\n * Fix: Honor read timeout when parsing SPDY headers.\n\n\n## Version 1.2.1\n\n_2013-08-23_\n\n * Resolve issue with 'jar-with-dependencies' artifact creation.\n * Fix: Support empty SPDY header values.\n\n\n## Version 1.2.0\n\n_2013-08-11_\n\n * New APIs on OkHttpClient to set default timeouts for connect and read.\n * Fix bug when caching SPDY responses.\n * Fix a bug with SPDY plus half-closed streams. (thanks kwuollett)\n * Fix a bug in `Content-Length` reporting for gzipped streams in the Apache\n HTTP client adapter. (thanks kwuollett)\n * Work around the Alcatel `getByInetAddress` bug (thanks k.kocel)\n * Be more aggressive about testing pooled sockets before reuse. (thanks\n warpspin)\n * Include `Content-Type` and `Content-Encoding` in the Apache HTTP client\n adapter. (thanks kwuollett)\n * Add a media type class to OkHttp.\n * Change custom header prefix:\n\n ```\n X-Android-Sent-Millis is now OkHttp-Sent-Millis\n X-Android-Received-Millis is now OkHttp-Received-Millis\n X-Android-Response-Source is now OkHttp-Response-Source\n X-Android-Selected-Transport is now OkHttp-Selected-Transport\n ```\n * Improve cache invalidation for POST-like requests.\n * Bring MockWebServer into OkHttp and teach it SPDY.\n\n\n## Version 1.1.1\n\n_2013-06-23_\n\n * Fix: ClassCastException when caching responses that were redirected from\n HTTP to HTTPS.\n\n\n## Version 1.1.0\n\n_2013-06-15_\n\n * Fix: Connection reuse was broken for most HTTPS connections due to a bug in\n the way the hostname verifier was selected.\n * Fix: Locking bug in SpdyConnection.\n * Fix: Ignore null header values (for compatibility with HttpURLConnection).\n * Add URLStreamHandlerFactory support so that `URL.openConnection()` uses\n OkHttp.\n * Expose the transport (\"http/1.1\", \"spdy/3\", etc.) via magic request headers.\n Use `X-Android-Transports` to write the preferred transports and\n `X-Android-Selected-Transport` to read the negotiated transport.\n\n\n## Version 1.0.2\n\n_2013-05-11_\n\n * Fix: Remove use of Java 6-only APIs.\n * Fix: Properly handle exceptions from `NetworkInterface` when querying MTU.\n * Fix: Ensure MTU has a reasonable default and upper-bound.\n\n\n## Version 1.0.1\n\n_2013-05-06_\n\n * Correct casing of SSL in method names (`getSslSocketFactory`/`setSslSocketFactory`).\n\n\n## Version 1.0.0\n\n_2013-05-06_\n\nInitial release.\n"
},
{
"path": "docs/changelogs/changelog_2x.md",
"content": "OkHttp 2.x Change Log\n=====================\n\n## Version 2.7.5\n\n_2016-02-25_\n\n * Fix: Change the certificate pinner to always build full chains. This\n prevents a potential crash when using certificate pinning with the Google\n Play Services security provider.\n\n\n## Version 2.7.4\n\n_2016-02-07_\n\n * Fix: Don't crash when finding the trust manager if the Play Services (GMS)\n security provider is installed.\n * Fix: The previous release introduced a performance regression on Android,\n caused by looking up CA certificates. This is now fixed.\n\n\n## Version 2.7.3\n\n_2016-02-06_\n\n * Fix: Permit the trusted CA root to be pinned by `CertificatePinner`.\n\n\n## Version 2.7.2\n\n_2016-01-07_\n\n * Fix: Don't eagerly release stream allocations on cache hits. We might still\n need them to handle redirects.\n\n\n## Version 2.7.1\n\n_2016-01-01_\n\n * Fix: Don't do a health check on newly-created connections. This is\n unnecessary work that could put the client in an inconsistent state if the\n health check fails.\n\n\n## Version 2.7.0\n\n_2015-12-13_\n\n * **Rewritten connection management.** Previously OkHttp's connection pool\n managed both idle and active connections for HTTP/2, but only idle\n connections for HTTP/1.x. With this update the connection pool manages both\n idle and active connections for everything. OkHttp now detects and warns on\n connections that were allocated but never released, and will enforce HTTP/2\n stream limits. This update also fixes `Call.cancel()` to not do I/O on the\n calling thread.\n * Fix: Don't log gzipped data in the logging interceptor.\n * Fix: Don't resolve DNS addresses when connecting through a SOCKS proxy.\n * Fix: Drop the synthetic `OkHttp-Selected-Protocol` response header.\n * Fix: Support 204 and 205 'No Content' replies in the logging interceptor.\n * New: Add `Call.isExecuted()`.\n\n\n## Version 2.6.0\n\n_2015-11-22_\n\n * **New Logging Interceptor.** The `logging-interceptor` subproject offers\n simple request and response logging. It may be configured to log headers and\n bodies for debugging. It requires this Maven dependency:\n\n ```xml\n \n com.squareup.okhttp\n logging-interceptor\n 2.6.0\n \n ```\n\n Configure basic logging like this:\n\n ```java\n HttpLoggingInterceptor loggingInterceptor = new HttpLoggingInterceptor();\n loggingInterceptor.setLevel(HttpLoggingInterceptor.Level.BASIC);\n client.networkInterceptors().add(loggingInterceptor);\n ```\n\n **Warning:** Avoid `Level.HEADERS` and `Level.BODY` in production because\n they could leak passwords and other authentication credentials to insecure\n logs.\n\n * **WebSocket API now uses `RequestBody` and `ResponseBody` for messages.**\n This is a backwards-incompatible API change.\n\n * **The DNS service is now pluggable.** In some situations this may be useful\n to manually prioritize specific IP addresses.\n\n * Fix: Don't throw when converting an `HttpUrl` to a `java.net.URI`.\n Previously URLs with special characters like `|` and `[` would break when\n subjected to URI’s overly-strict validation.\n * Fix: Don't re-encode `+` as `%20` in encoded URL query strings. OkHttp\n prefers `%20` when doing its own encoding, but will retain `+` when that is\n provided.\n * Fix: Enforce that callers call `WebSocket.close()` on IO errors. Error\n handling in WebSockets is significantly improved.\n * Fix: Don't use SPDY/3 style header concatenation for HTTP/2 request headers.\n This could have corrupted requests where multiple headers had the same name,\n as in cookies.\n * Fix: Reject bad characters in the URL hostname. Previously characters like\n `\\0` would cause a late crash when building the request.\n * Fix: Allow interceptors to change the request method.\n * Fix: Don’t use the request's `User-Agent` or `Proxy-Authorization` when\n connecting to an HTTPS server via an HTTP tunnel. The `Proxy-Authorization`\n header was being leaked to the origin server.\n * Fix: Digits may be used in a URL scheme.\n * Fix: Improve connection timeout recovery.\n * Fix: Recover from `getsockname` crashes impacting Android releases prior to\n 4.2.2.\n * Fix: Drop partial support for HTTP/1.0. Previously OkHttp would send\n `HTTP/1.0` on connections after seeing a response with `HTTP/1.0`. The fixed\n behavior is consistent with Firefox and Chrome.\n * Fix: Allow a body in `OPTIONS` requests.\n * Fix: Don't percent-encode non-ASCII characters in URL fragments.\n * Fix: Handle null fragments.\n * Fix: Don’t crash on interceptors that throw `IOException` before a\n connection is attempted.\n * New: Support [WebDAV][webdav] HTTP methods.\n * New: Buffer WebSocket frames for better performance.\n * New: Drop support for `TLS_DHE_DSS_WITH_AES_128_CBC_SHA`, our only remaining\n DSS cipher suite. This is consistent with Firefox and Chrome which have also\n dropped these cipher suite.\n\n## Version 2.5.0\n\n_2015-08-25_\n\n * **Timeouts now default to 10 seconds.** Previously we defaulted to never\n timing out, and that was a lousy policy. If establishing a connection,\n reading the next byte from a connection, or writing the next byte to a\n connection takes more than 10 seconds to complete, you’ll need to adjust\n the timeouts manually.\n\n * **OkHttp now rejects request headers that contain invalid characters.** This\n includes potential security problems (newline characters) as well as simple\n non-ASCII characters (including international characters and emoji).\n\n * **Call canceling is more reliable.** We had a bug where a socket being\n connected wasn't being closed when the application used `Call.cancel()`.\n\n * **Changing a HttpUrl’s scheme now tracks the default port.** We had a bug\n where changing a URL from `http` to `https` would leave it on port 80.\n\n * **Okio has been updated to 1.6.0.**\n ```xml\n \n com.squareup.okio\n okio\n 1.6.0\n \n ```\n\n * New: `Cache.initialize()`. Call this on a background thread to eagerly\n initialize the response cache.\n * New: Fold `MockWebServerRule` into `MockWebServer`. This makes it easier to\n write JUnit tests with `MockWebServer`. The `MockWebServer` library now\n depends on JUnit, though it continues to work with all testing frameworks.\n * Fix: `FormEncodingBuilder` is now consistent with browsers in which\n characters it escapes. Previously we weren’t percent-encoding commas,\n parens, and other characters.\n * Fix: Relax `FormEncodingBuilder` to support building empty forms.\n * Fix: Timeouts throw `SocketTimeoutException`, not `InterruptedIOException`.\n * Fix: Change `MockWebServer` to use the same logic as OkHttp when determining\n whether an HTTP request permits a body.\n * Fix: `HttpUrl` now uses the canonical form for IPv6 addresses.\n * Fix: Use `HttpUrl` internally.\n * Fix: Recover from Android 4.2.2 EBADF crashes.\n * Fix: Don't crash with an `IllegalStateException` if an HTTP/2 or SPDY\n write fails, leaving the connection in an inconsistent state.\n * Fix: Make sure the default user agent is ASCII.\n\n\n## Version 2.4.0\n\n_2015-05-22_\n\n * **Forbid response bodies on HTTP 204 and 205 responses.** Webservers that\n return such malformed responses will now trigger a `ProtocolException` in\n the client.\n\n * **WebSocketListener has incompatible changes.** The `onOpen()` method is now\n called on the reader thread, so implementations must return before further\n websocket messages will be delivered. The `onFailure()` method now includes\n an HTTP response if one was returned.\n\n## Version 2.4.0-RC1\n\n_2015-05-16_\n\n * **New HttpUrl API.** It's like `java.net.URL` but good. Note that\n `Request.Builder.url()` now throws `IllegalArgumentException` on malformed\n URLs. (Previous releases would throw a `MalformedURLException` when calling\n a malformed URL.)\n\n * **We've improved connect failure recovery.** We now differentiate between\n setup, connecting, and connected and implement appropriate recovery rules\n for each. This changes `Address` to no longer use `ConnectionSpec`. (This is\n an incompatible API change).\n\n * **`FormEncodingBuilder` now uses `%20` instead of `+` for encoded spaces.**\n Both are permitted-by-spec, but `%20` requires fewer special cases.\n\n * **Okio has been updated to 1.4.0.**\n ```xml\n \n com.squareup.okio\n okio\n 1.4.0\n \n ```\n\n * **`Request.Builder` no longer accepts null if a request body is required.**\n Passing null will now fail for request methods that require a body. Instead\n use an empty body such as this one:\n\n ```java\n RequestBody.create(null, new byte[0]);\n ```\n\n * **`CertificatePinner` now supports wildcard hostnames.** As always with\n certificate pinning, you must be very careful to avoid [bricking][brick]\n your app. You'll need to pin both the top-level domain and the `*.` domain\n for full coverage.\n\n ```java\n client.setCertificatePinner(new CertificatePinner.Builder()\n .add(\"publicobject.com\", \"sha1/DmxUShsZuNiqPQsX2Oi9uv2sCnw=\")\n .add(\"*.publicobject.com\", \"sha1/DmxUShsZuNiqPQsX2Oi9uv2sCnw=\")\n .add(\"publicobject.com\", \"sha1/SXxoaOSEzPC6BgGmxAt/EAcsajw=\")\n .add(\"*.publicobject.com\", \"sha1/SXxoaOSEzPC6BgGmxAt/EAcsajw=\")\n .add(\"publicobject.com\", \"sha1/blhOM3W9V/bVQhsWAcLYwPU6n24=\")\n .add(\"*.publicobject.com\", \"sha1/blhOM3W9V/bVQhsWAcLYwPU6n24=\")\n .add(\"publicobject.com\", \"sha1/T5x9IXmcrQ7YuQxXnxoCmeeQ84c=\")\n .add(\"*.publicobject.com\", \"sha1/T5x9IXmcrQ7YuQxXnxoCmeeQ84c=\")\n .build());\n ```\n\n * **Interceptors lists are now deep-copied by `OkHttpClient.clone()`.**\n Previously clones shared interceptors, which made it difficult to customize\n the interceptors on a request-by-request basis.\n\n * New: `Headers.toMultimap()`.\n * New: `RequestBody.create(MediaType, ByteString)`.\n * New: `ConnectionSpec.isCompatible(SSLSocket)`.\n * New: `Dispatcher.getQueuedCallCount()` and\n `Dispatcher.getRunningCallCount()`. These can be useful in diagnostics.\n * Fix: OkHttp no longer shares timeouts between pooled connections. This was\n causing some applications to crash when connections were reused.\n * Fix: `OkApacheClient` now allows an empty `PUT` and `POST`.\n * Fix: Websockets no longer rebuffer socket streams.\n * Fix: Websockets are now better at handling close frames.\n * Fix: Content type matching is now case insensitive.\n * Fix: `Vary` headers are not lost with `android.net.http.HttpResponseCache`.\n * Fix: HTTP/2 wasn't enforcing stream timeouts when writing the underlying\n connection. Now it is.\n * Fix: Never return null on `call.proceed()`. This was a bug in call\n cancelation.\n * Fix: When a network interceptor mutates a request, that change is now\n reflected in `Response.networkResponse()`.\n * Fix: Badly-behaving caches now throw a checked exception instead of a\n `NullPointerException`.\n * Fix: Better handling of uncaught exceptions in MockWebServer with HTTP/2.\n\n## Version 2.3.0\n\n_2015-03-16_\n\n * **HTTP/2 support.** We've done interop testing and haven't seen any\n problems. HTTP/2 support has been a big effort and we're particularly\n thankful to Adrian Cole who has helped us to reach this milestone.\n\n * **RC4 cipher suites are no longer supported by default.** To connect to\n old, obsolete servers relying on these cipher suites, you must create a\n custom `ConnectionSpec`.\n\n * **Beta WebSockets support.**. The `okhttp-ws` subproject offers a new\n websockets client. Please try it out! When it's ready we intend to include\n it with the core OkHttp library.\n\n * **Okio updated to 1.3.0.**\n\n ```xml\n \n com.squareup.okio\n okio\n 1.3.0\n \n ```\n\n * **Fix: improve parallelism of async requests.** OkHttp's Dispatcher had a\n misconfigured `ExecutorService` that limited the number of worker threads.\n If you're using `Call.enqueue()` this update should significantly improve\n request concurrency.\n\n * **Fix: Lazily initialize the response cache.** This avoids strict mode\n warnings when initializing OkHttp on Android‘s main thread.\n\n * **Fix: Disable ALPN on Android 4.4.** That release of the feature was\n unstable and prone to native crashes in the underlying OpenSSL code.\n * Fix: Don't send both `If-None-Match` and `If-Modified-Since` cache headers\n when both are applicable.\n * Fix: Fail early when a port is out of range.\n * Fix: Offer `Content-Length` headers for multipart request bodies.\n * Fix: Throw `UnknownServiceException` if a cleartext connection is attempted\n when explicitly forbidden.\n * Fix: Throw a `SSLPeerUnverifiedException` when host verification fails.\n * Fix: MockWebServer explicitly closes sockets. (On some Android releases,\n closing the input stream and output stream of a socket is not sufficient.\n * Fix: Buffer outgoing HTTP/2 frames to limit how many outgoing frames are\n created.\n * Fix: Avoid crashing when cache writing fails due to a full disk.\n * Fix: Improve caching of private responses.\n * Fix: Update cache-by-default response codes.\n * Fix: Reused `Request.Builder` instances no longer hold stale URL fields.\n * New: ConnectionSpec can now be configured to use the SSL socket's default\n cipher suites. To use, set the cipher suites to `null`.\n * New: Support `DELETE` with a request body.\n * New: `Headers.of(Map)` creates headers from a Map.\n\n\n## Version 2.2.0\n\n_2014-12-30_\n\n * **`RequestBody.contentLength()` now throws `IOException`.**\n This is a source-incompatible change. If you have code that calls\n `RequestBody.contentLength()`, your compile will break with this\n update. The change is binary-compatible, however: code compiled\n for OkHttp 2.0 and 2.1 will continue to work with this update.\n\n * **`COMPATIBLE_TLS` no longer supports SSLv3.** In response to the\n [POODLE](https://googleonlinesecurity.blogspot.ca/2014/10/this-poodle-bites-exploiting-ssl-30.html)\n vulnerability, OkHttp no longer offers SSLv3 when negotiation an\n HTTPS connection. If you continue to need to connect to webservers\n running SSLv3, you must manually configure your own `ConnectionSpec`.\n\n * **OkHttp now offers interceptors.** Interceptors are a powerful mechanism\n that can monitor, rewrite, and retry calls. The [interceptors doc][interceptors] is a full\n introduction to this new API.\n\n * New: APIs to iterate and selectively clear the response cache.\n * New: Support for SOCKS proxies.\n * New: Support for `TLS_FALLBACK_SCSV`.\n * New: Update HTTP/2 support to `h2-16` and `hpack-10`.\n * New: APIs to prevent retrying non-idempotent requests.\n * Fix: Drop NPN support. Going forward we support ALPN only.\n * Fix: The hostname verifier is now strict. This is consistent with the hostname\n verifier in modern browsers.\n * Fix: Improve `CONNECT` handling for misbehaving HTTP proxies.\n * Fix: Don't retry requests that failed due to timeouts.\n * Fix: Cache 302s and 308s that include appropriate response headers.\n * Fix: Improve pooling of connections that use proxy selectors.\n * Fix: Don't leak connections when using ALPN on the desktop.\n * Fix: Update Jetty ALPN to `7.1.2.v20141202` (Java 7) and `8.1.2.v20141202` (Java 8).\n This fixes a bug in resumed TLS sessions where the wrong protocol could be\n selected.\n * Fix: Don't crash in SPDY and HTTP/2 when disconnecting before connecting.\n * Fix: Avoid a reverse DNS-lookup for a numeric proxy address\n * Fix: Resurrect http/2 frame logging.\n * Fix: Limit to 20 authorization attempts.\n\n## Version 2.1.0\n\n_2014-11-11_\n\n * New: Typesafe APIs for interacting with cipher suites and TLS versions.\n * Fix: Don't crash when mixing authorization challenges with upload retries.\n\n\n## Version 2.1.0-RC1\n\n_2014-11-04_\n\n * **OkHttp now caches private responses**. We've changed from a shared cache\n to a private cache, and will now store responses that use an `Authorization`\n header. This means OkHttp's cache shouldn't be used on middleboxes that sit\n between user agents and the origin server.\n\n * **TLS configuration updated.** OkHttp now explicitly enables TLSv1.2,\n TLSv1.1 and TLSv1.0 where they are supported. It will continue to perform\n only one fallback, to SSLv3. Applications can now configure this with the\n `ConnectionSpec` class.\n\n To disable TLS fallback:\n\n ```java\n client.setConnectionSpecs(Arrays.asList(\n ConnectionSpec.MODERN_TLS, ConnectionSpec.CLEARTEXT));\n ```\n\n To disable cleartext connections, permitting `https` URLs only:\n\n ```java\n client.setConnectionSpecs(Arrays.asList(\n ConnectionSpec.MODERN_TLS, ConnectionSpec.COMPATIBLE_TLS));\n ```\n\n * **New cipher suites.** Please confirm that your webservers are reachable\n with this limited set of cipher suites.\n\n ```\n Android\n Name Version\n\n TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 5.0\n TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 5.0\n TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 5.0\n TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 4.0\n TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 4.0\n TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 4.0\n TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 4.0\n TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 4.0\n TLS_ECDHE_RSA_WITH_RC4_128_SHA 4.0\n TLS_DHE_RSA_WITH_AES_128_CBC_SHA 2.3\n TLS_DHE_DSS_WITH_AES_128_CBC_SHA 2.3\n TLS_DHE_RSA_WITH_AES_256_CBC_SHA 2.3\n TLS_RSA_WITH_AES_128_GCM_SHA256 5.0\n TLS_RSA_WITH_AES_128_CBC_SHA 2.3\n TLS_RSA_WITH_AES_256_CBC_SHA 2.3\n SSL_RSA_WITH_3DES_EDE_CBC_SHA 2.3 (Deprecated in 5.0)\n SSL_RSA_WITH_RC4_128_SHA 2.3\n SSL_RSA_WITH_RC4_128_MD5 2.3 (Deprecated in 5.0)\n ```\n\n * **Okio updated to 1.0.1.**\n\n ```xml\n \n com.squareup.okio\n okio\n 1.0.1\n \n ```\n\n * **New APIs to permit easy certificate pinning.** Be warned, certificate\n pinning is dangerous and could prevent your application from trusting your\n server!\n\n * **Cache improvements.** This release fixes some severe cache problems\n including a bug where the cache could be corrupted upon certain access\n patterns. We also fixed a bug where the cache was being cleared due to a\n corrupted journal. We've added APIs to configure a request's `Cache-Control`\n headers, and to manually clear the cache.\n\n * **Request cancellation fixes.** This update fixes a bug where synchronous\n requests couldn't be canceled by tag. This update avoids crashing when\n `onResponse()` throws an `IOException`. That failure will now be logged\n instead of notifying the thread's uncaught exception handler. We've added a\n new API, `Call.isCanceled()` to check if a call has been canceled.\n\n * New: Update `MultipartBuilder` to support content length.\n * New: Make it possible to mock `OkHttpClient` and `Call`.\n * New: Update to h2-14 and hpack-9.\n * New: OkHttp includes a user-agent by default, like `okhttp/2.1.0-RC1`.\n * Fix: Handle response code `308 Permanent Redirect`.\n * Fix: Don't skip the callback if a call is canceled.\n * Fix: Permit hostnames with underscores.\n * Fix: Permit overriding the content-type in `OkApacheClient`.\n * Fix: Use the socket factory for direct connections.\n * Fix: Honor `OkUrlFactory` APIs that disable redirects.\n * Fix: Don't crash on concurrent modification of `SPDY` SPDY settings.\n\n## Version 2.0.0\n\nThis release commits to a stable 2.0 API. Read the 2.0.0-RC1 changes for advice\non upgrading from 1.x to 2.x.\n\n_2014-06-21_\n\n * **API Change**: Use `IOException` in `Callback.onFailure()`. This is\n a source-incompatible change, and is different from OkHttp 2.0.0-RC2 which\n used `Throwable`.\n * Fix: Fixed a caching bug where we weren't storing rewritten request headers\n like `Accept-Encoding`.\n * Fix: Fixed bugs in handling the SPDY window size. This was stalling certain\n large downloads\n * Update the language level to Java 7. (OkHttp requires Android 2.3+ or Java 7+.)\n\n## Version 2.0.0-RC2\n\n_2014-06-11_\n\nThis update fixes problems in 2.0.0-RC1. Read the 2.0.0-RC1 changes for\nadvice on upgrading from 1.x to 2.x.\n\n * Fix: Don't leak connections! There was a regression in 2.0.0-RC1 where\n connections were neither closed nor pooled.\n * Fix: Revert builder-style return types from OkHttpClient's timeout methods\n for binary compatibility with OkHttp 1.x.\n * Fix: Don't skip client stream 1 on SPDY/3.1. This fixes SPDY connectivity to\n `https://google.com`, which doesn't follow the SPDY/3.1 spec!\n * Fix: Always configure NPN headers. This fixes connectivity to\n `https://facebook.com` when SPDY and HTTP/2 are both disabled. Otherwise an\n unexpected NPN response is received and OkHttp crashes.\n * Fix: Write continuation frames when HPACK data is larger than 16383 bytes.\n * Fix: Don't drop uncaught exceptions thrown in async calls.\n * Fix: Throw an exception eagerly when a request body is not legal. Previously\n we ignored the problem at request-building time, only to crash later with a\n `NullPointerException`.\n * Fix: Include a backwards-compatible `OkHttp-Response-Source` header with\n `OkUrlFactory `responses.\n * Fix: Don't include a default User-Agent header in requests made with the Call\n API. Requests made with OkUrlFactory will continue to have a default user\n agent.\n * New: Guava-like API to create headers:\n\n ```java\n Headers headers = Headers.of(name1, value1, name2, value2, ...).\n ```\n\n * New: Make the content-type header optional for request bodies.\n * New: `Response.isSuccessful()` is a convenient API to check response codes.\n * New: The response body can now be read outside of the callback. Response\n bodies must always be closed, otherwise they will leak connections!\n * New: APIs to create multipart request bodies (`MultipartBuilder`) and form\n encoding bodies (`FormEncodingBuilder`).\n\n## Version 2.0.0-RC1\n\n_2014-05-23_\n\nOkHttp 2 is designed around a new API that is true to HTTP, with classes for\nrequests, responses, headers, and calls. It uses modern Java patterns like\nimmutability and chained builders. The API now offers asynchronous callbacks\nin addition to synchronous blocking calls.\n\n#### API Changes\n\n * **New Request and Response types,** each with their own builder. There's also\n a `RequestBody` class to write the request body to the network and a\n `ResponseBody` to read the response body from the network. The standalone\n `Headers` class offers full access to the HTTP headers.\n\n * **Okio dependency added.** OkHttp now depends on\n [Okio](https://github.com/square/okio), an I/O library that makes it easier\n to access, store and process data. Using this library internally makes OkHttp\n faster while consuming less memory. You can write a `RequestBody` as an Okio\n `BufferedSink` and a `ResponseBody` as an Okio `BufferedSource`. Standard\n `InputStream` and `OutputStream` access is also available.\n\n * **New Call and Callback types** execute requests and receive their\n responses. Both types of calls can be canceled via the `Call` or the\n `OkHttpClient`.\n\n * **URLConnection support has moved to the okhttp-urlconnection module.**\n If you're upgrading from 1.x, this change will impact you. You will need to\n add the `okhttp-urlconnection` module to your project and use the\n `OkUrlFactory` to create new instances of `HttpURLConnection`:\n\n ```java\n // OkHttp 1.x:\n HttpURLConnection connection = client.open(url);\n\n // OkHttp 2.x:\n HttpURLConnection connection = new OkUrlFactory(client).open(url);\n ```\n\n * **Custom caches are no longer supported.** In OkHttp 1.x it was possible to\n define your own response cache with the `java.net.ResponseCache` and OkHttp's\n `OkResponseCache` interfaces. Both of these APIs have been dropped. In\n OkHttp 2 the built-in disk cache is the only supported response cache.\n\n * **HttpResponseCache has been renamed to Cache.** Install it with\n `OkHttpClient.setCache(...)` instead of `OkHttpClient.setResponseCache(...)`.\n\n * **OkAuthenticator has been replaced with Authenticator.** This new\n authenticator has access to the full incoming response and can respond with\n whichever followup request is appropriate. The `Challenge` class is now a\n top-level class and `Credential` is replaced with a utility class called\n `Credentials`.\n\n * **OkHttpClient.getFollowProtocolRedirects() renamed to\n getFollowSslRedirects()**. We reserve the word _protocol_ for the HTTP\n version being used (HTTP/1.1, HTTP/2). The old name of this method was\n misleading; it was always used to configure redirects between `https://` and\n `http://` schemes.\n\n * **RouteDatabase is no longer public API.** OkHttp continues to track which\n routes have failed but this is no exposed in the API.\n\n * **ResponseSource is gone.** This enum exposed whether a response came from\n the cache, network, or both. OkHttp 2 offers more detail with raw access to\n the cache and network responses in the new `Response` class.\n\n * **TunnelRequest is gone.** It specified how to connect to an HTTP proxy.\n OkHttp 2 uses the new `Request` class for this.\n\n * **Dispatcher** is a new class that manages the queue of asynchronous calls. It\n implements limits on total in-flight calls and in-flight calls per host.\n\n#### Implementation changes\n\n * Support Android `TrafficStats` socket tagging.\n * Drop authentication headers on redirect.\n * Added support for compressed data frames.\n * Process push promise callbacks in order.\n * Update to http/2 draft 12.\n * Update to HPACK draft 07.\n * Add ALPN support. Maven will use ALPN on OpenJDK 8.\n * Update NPN dependency to target `jdk7u60-b13` and `Oracle jdk7u55-b13`.\n * Ensure SPDY variants support zero-length DELETE and POST.\n * Prevent leaking a cache item's InputStreams when metadata read fails.\n * Use a string to identify TLS versions in routes.\n * Add frame logger for HTTP/2.\n * Replacing `httpMinorVersion` with `Protocol`. Expose HTTP/1.0 as a potential protocol.\n * Use `Protocol` to describe framing.\n * Implement write timeouts for HTTP/1.1 streams.\n * Avoid use of SPDY stream ID 1, as that's typically used for UPGRADE.\n * Support OAuth in `Authenticator`.\n * Permit a dangling semicolon in media type parsing.\n\n\n## Version 1.x\n\n[Change log](changelog_1x.md)\n\n\n [brick]: https://noncombatant.org/2015/05/01/about-http-public-key-pinning/\n [interceptors]: https://square.github.io/okhttp/interceptors/\n [webdav]: https://tools.ietf.org/html/rfc4918\n"
},
{
"path": "docs/changelogs/changelog_3x.md",
"content": "OkHttp 3.x Change Log\n=====================\n\n## Version 3.14.9\n\n_2020-05-17_\n\n * Fix: Don't crash when running as a plugin in Android Studio Canary 4.1. To enable\n platform-specific TLS features OkHttp must detect whether it's running in a JVM or in Android.\n The upcoming Android Studio runs in a JVM but has classes from Android and that confused OkHttp!\n\n\n## Version 3.14.8\n\n_2020-04-28_\n\n * Fix: Don't crash on Java 8u252 which introduces an API previously found only on Java 9 and\n above. See [Jetty's overview][jetty_8_252] of the API change and its consequences.\n\n## Version 3.14.7\n\n_2020-02-24_\n\n * Fix: Don't crash on Android 11 due to use of restricted methods. This prevents a crash with the\n exception, \"Expected Android API level 21+ but was 29\".\n\n\n## Version 3.14.6\n\n_2020-01-11_\n\n * Fix: Don't crash if the connection is closed when sending a degraded ping. This fixes a\n regression that was introduced in OkHttp 3.14.5.\n\n\n## Version 3.14.5\n\n_2020-01-03_\n\n * Fix: Degrade HTTP/2 connections after a timeout. When an HTTP/2 stream times out it may impact\n the stream only or the entire connection. With this fix OkHttp will now send HTTP/2 pings after\n a stream timeout to determine whether the connection should remain eligible for pooling.\n\n\n## Version 3.14.4\n\n_2019-09-29_\n\n * Fix: Cancel calls that fail due to unexpected exceptions. We had a bug where an enqueued call\n would never call back if it crashed with an unchecked throwable, such as a\n `NullPointerException` or `OutOfMemoryError`. We now call `Callback.onFailure()` with an\n `IOException` that reports the call as canceled. The triggering exception is still delivered to\n the thread's `UncaughtExceptionHandler`.\n * Fix: Don't evict incomplete entries when iterating the cache. We had a bug where iterating\n `Cache.urls()` would prevent in-flight entries from being written.\n\n\n## Version 3.14.3\n\n_2019-09-10_\n\n * Fix: Don't lose HTTP/2 flow control bytes when incoming data races with a stream close. If this\n happened enough then eventually the connection would stall.\n\n * Fix: Acknowledge and apply inbound HTTP/2 settings atomically. Previously we had a race where we\n could use new flow control capacity before acknowledging it, causing strict HTTP/2 servers to\n fail the call.\n\n * Fix: Recover gracefully when a coalesced connection immediately goes unhealthy.\n\n## Version 3.14.2\n\n_2019-05-19_\n\n * Fix: Lock in a route when recovering from an HTTP/2 connection error. We had a bug where two\n calls that failed at the same time could cause OkHttp to crash with a `NoSuchElementException`\n instead of the expected `IOException`.\n\n * Fix: Don't crash with a `NullPointerException` when formatting an error message describing a\n truncated response from an HTTPS proxy.\n\n\n## Version 3.14.1\n\n_2019-04-10_\n\n * Fix: Don't crash when an interceptor retries when there are no more routes. This was an\n edge-case regression introduced with the events cleanup in 3.14.0.\n\n * Fix: Provide actionable advice when the exchange is non-null. Prior to 3.14, OkHttp would\n silently leak connections when an interceptor retries without closing the response body. With\n 3.14 we detect this problem but the exception was not helpful.\n\n## Version 3.14.0\n\n_2019-03-14_\n\n * **This release deletes the long-deprecated `OkUrlFactory` and `OkApacheClient` APIs.** These\n facades hide OkHttp's implementation behind another client's API. If you still need this please\n copy and paste [ObsoleteUrlFactory.java][obsolete_url_factory] or\n [ObsoleteApacheClient.java][obsolete_apache_client] into your project.\n\n * **OkHttp now supports duplex calls over HTTP/2.** With normal HTTP calls the request must finish\n before the response starts. With duplex, request and response bodies are transmitted\n simultaneously. This can be used to implement interactive conversations within a single HTTP\n call.\n\n Create duplex calls by overriding the new `RequestBody.isDuplex()` method to return true.\n This simple option dramatically changes the behavior of the request body and of the entire\n call.\n\n The `RequestBody.writeTo()` method may now retain a reference to the provided sink and\n hand it off to another thread to write to it after `writeTo` returns.\n\n The `EventListener` may now see requests and responses interleaved in ways not previously\n permitted. For example, a listener may receive `responseHeadersStart()` followed by\n `requestBodyEnd()`, both on the same call. Such events may be triggered by different threads\n even for a single call.\n\n Interceptors that rewrite or replace the request body may now inadvertently interfere with\n duplex request bodies. Such interceptors should check `RequestBody.isDuplex()` and avoid\n accessing the request body when it is.\n\n Duplex calls require HTTP/2. If HTTP/1 is established instead the duplex call will fail. The\n most common use of duplex calls is [gRPC][grpc_http2].\n\n * New: Prevent OkHttp from retransmitting a request body by overriding `RequestBody.isOneShot()`.\n This is most useful when writing the request body is destructive.\n\n * New: We've added `requestFailed()` and `responseFailed()` methods to `EventListener`. These\n are called instead of `requestBodyEnd()` and `responseBodyEnd()` in some failure situations.\n They may also be fired in cases where no event was published previously. In this release we did\n an internal rewrite of our event code to fix problems where events were lost or unbalanced.\n\n * Fix: Don't leak a connection when a call is canceled immediately preceding the `onFailure()`\n callback.\n\n * Fix: Apply call timeouts when connecting duplex calls, web sockets, and server-sent events.\n Once the streams are established no further timeout is enforced.\n\n * Fix: Retain the `Route` when a connection is reused on a redirect or other follow-up. This was\n causing some `Authenticator` calls to see a null route when non-null was expected.\n\n * Fix: Use the correct key size in the name of `TLS_AES_128_CCM_8_SHA256` which is a TLS 1.3\n cipher suite. We accidentally specified a key size of 256, preventing that cipher suite from\n being selected for any TLS handshakes. We didn't notice because this cipher suite isn't\n supported on Android, Java, or Conscrypt.\n\n We removed this cipher suite and `TLS_AES_128_CCM_SHA256` from the restricted, modern, and\n compatible sets of cipher suites. These two cipher suites aren't enabled by default in either\n Firefox or Chrome.\n\n See our [TLS Configuration History][tls_configuration_history] tracker for a log of all changes\n to OkHttp's default TLS options.\n\n * New: Upgrade to Conscrypt 2.0.0. OkHttp works with other versions of Conscrypt but this is the\n version we're testing against.\n\n ```kotlin\n implementation(\"org.conscrypt:conscrypt-openjdk-uber:2.0.0\")\n ```\n\n * New: Update the embedded public suffixes list.\n\n\n## Version 3.13.1\n\n_2019-02-05_\n\n * Fix: Don't crash when using a custom `X509TrustManager` or `SSLSocket` on Android. When we\n removed obsolete code for Android 4.4 we inadvertently also removed support for custom\n subclasses. We've restored that support!\n\n\n## Version 3.13.0\n\n_2019-02-04_\n\n * **This release bumps our minimum requirements to Java 8+ or Android 5+.** Cutting off old\n devices is a serious change and we don't do it lightly! [This post][require_android_5] explains\n why we're doing this and how to upgrade.\n\n The OkHttp 3.12.x branch will be our long-term branch for Android 2.3+ (API level 9+) and Java\n 7+. These platforms lack support for TLS 1.2 and should not be used. But because upgrading is\n difficult we will backport critical fixes to the 3.12.x branch through December 31, 2021. (This\n commitment was originally through December 31, 2020; we have since extended it.)\n\n * **TLSv1 and TLSv1.1 are no longer enabled by default.** Major web browsers are working towards\n removing these versions altogether in early 2020. If your servers aren't ready yet you can\n configure OkHttp 3.13 to allow TLSv1 and TLSv1.1 connections:\n\n ```\n OkHttpClient client = new OkHttpClient.Builder()\n .connectionSpecs(Arrays.asList(ConnectionSpec.COMPATIBLE_TLS))\n .build();\n ```\n\n * New: You can now access HTTP trailers with `Response.trailers()`. This method may only be called\n after the entire HTTP response body has been read.\n\n * New: Upgrade to Okio 1.17.3. If you're on Kotlin-friendly Okio 2.x this release requires 2.2.2\n or newer.\n\n ```kotlin\n implementation(\"com.squareup.okio:okio:1.17.3\")\n ```\n\n * Fix: Don't miss cancels when sending HTTP/2 request headers.\n * Fix: Don't miss whole operation timeouts when calls redirect.\n * Fix: Don't leak connections if web sockets have malformed responses or if `onOpen()` throws.\n * Fix: Don't retry when request bodies fail due to `FileNotFoundException`.\n * Fix: Don't crash when URLs have IPv4-mapped IPv6 addresses.\n * Fix: Don't crash when building `HandshakeCertificates` on Android API 28.\n * Fix: Permit multipart file names to contain non-ASCII characters.\n * New: API to get MockWebServer's dispatcher.\n * New: API to access headers as `java.time.Instant`.\n * New: Fail fast if a `SSLSocketFactory` is used as a `SocketFactory`.\n * New: Log the TLS handshake in `LoggingEventListener`.\n\n## Version 3.12.13\n\n_2021-01-30_\n\n * Fix: Work around a crash in Android 10 and 11 that may be triggered when two threads\n concurrently close an SSL socket. This would have appeared in crash logs as\n `NullPointerException: bio == null`.\n\n\n## Version 3.12.12\n\n_2020-05-17_\n\n * Fix: Don't crash when running as a plugin in Android Studio Canary 4.1. To enable\n platform-specific TLS features OkHttp must detect whether it's running in a JVM or in Android.\n The upcoming Android Studio runs in a JVM but has classes from Android and that confused OkHttp!\n\n\n## Version 3.12.11\n\n_2020-04-28_\n\n * Fix: Don't crash on Java 8u252 which introduces an API previously found only on Java 9 and\n above. See [Jetty's overview][jetty_8_252] of the API change and its consequences.\n\n\n## Version 3.12.10\n\n_2020-02-29_\n\n * Fix: Don't crash on Android 4.1 when detecting methods that became restricted in Android 11.\n Supporting a full decade of Android releases on our 3.12.x branch is tricky!\n\n\n## Version 3.12.9\n\n_2020-02-24_\n\n * Fix: Don't crash on Android 11 due to use of restricted methods. This prevents a crash with the\n exception, \"Expected Android API level 21+ but was 29\".\n\n\n## Version 3.12.8\n\n_2020-01-11_\n\n * Fix: Don't crash if the connection is closed when sending a degraded ping. This fixes a\n regression that was introduced in OkHttp 3.12.7.\n\n\n## Version 3.12.7\n\n_2020-01-03_\n\n * Fix: Degrade HTTP/2 connections after a timeout. When an HTTP/2 stream times out it may impact\n the stream only or the entire connection. With this fix OkHttp will now send HTTP/2 pings after\n a stream timeout to determine whether the connection should remain eligible for pooling.\n\n\n## Version 3.12.6\n\n_2019-09-29_\n\n * Fix: Cancel calls that fail due to unexpected exceptions. We had a bug where an enqueued call\n would never call back if it crashed with an unchecked throwable, such as a\n `NullPointerException` or `OutOfMemoryError`. We now call `Callback.onFailure()` with an\n `IOException` that reports the call as canceled. The triggering exception is still delivered to\n the thread's `UncaughtExceptionHandler`.\n * Fix: Don't evict incomplete entries when iterating the cache. We had a bug where iterating\n `Cache.urls()` would prevent in-flight entries from being written.\n\n\n## Version 3.12.5\n\n_2019-09-10_\n\n * Fix: Don't lose HTTP/2 flow control bytes when incoming data races with a stream close. If this\n happened enough then eventually the connection would stall.\n\n * Fix: Acknowledge and apply inbound HTTP/2 settings atomically. Previously we had a race where we\n could use new flow control capacity before acknowledging it, causing strict HTTP/2 servers to\n fail the call.\n\n\n## Version 3.12.4\n\n_2019-09-04_\n\n * Fix: Don't crash looking up an absent class on certain buggy Android 4.x devices.\n\n\n## Version 3.12.3\n\n_2019-05-07_\n\n * Fix: Permit multipart file names to contain non-ASCII characters.\n * Fix: Retain the `Route` when a connection is reused on a redirect or other follow-up. This was\n causing some `Authenticator` calls to see a null route when non-null was expected.\n\n\n## Version 3.12.2\n\n_2019-03-14_\n\n * Fix: Don't crash if the HTTPS server returns no certificates in the TLS handshake.\n * Fix: Don't leak a connection when a call is canceled immediately preceding the `onFailure()`\n callback.\n\n\n## Version 3.12.1\n\n_2018-12-23_\n\n * Fix: Remove overlapping `package-info.java`. This caused issues with some build tools.\n\n\n## Version 3.12.0\n\n_2018-11-16_\n\n * **OkHttp now supports TLS 1.3.** This requires either Conscrypt or Java 11+.\n\n * **Proxy authenticators are now asked for preemptive authentication.** OkHttp will now request\n authentication credentials before creating TLS tunnels through HTTP proxies (HTTP `CONNECT`).\n Authenticators should identify preemptive authentications by the presence of a challenge whose\n scheme is \"OkHttp-Preemptive\".\n\n * **OkHttp now offers full-operation timeouts.** This sets a limit on how long the entire call may\n take and covers resolving DNS, connecting, writing the request body, server processing, and\n reading the full response body. If a call requires redirects or retries all must complete within\n one timeout period.\n\n Use `OkHttpClient.Builder.callTimeout()` to specify the default duration and `Call.timeout()` to\n specify the timeout of an individual call.\n\n * New: Return values and fields are now non-null unless otherwise annotated.\n * New: `LoggingEventListener` makes it easy to get basic visibility into a call's performance.\n This class is in the `logging-interceptor` artifact.\n * New: `Headers.Builder.addUnsafeNonAscii()` allows non-ASCII values to be added without an\n immediate exception.\n * New: Headers can be redacted in `HttpLoggingInterceptor`.\n * New: `Headers.Builder` now accepts dates.\n * New: OkHttp now accepts `java.time.Duration` for timeouts on Java 8+ and Android 26+.\n * New: `Challenge` includes all authentication parameters.\n * New: Upgrade to BouncyCastle 1.60, Conscrypt 1.4.0, and Okio 1.15.0. We don't yet require\n Kotlin-friendly Okio 2.x but OkHttp works fine with that series.\n\n ```kotlin\n implementation(\"org.bouncycastle:bcprov-jdk15on:1.60\")\n implementation(\"org.conscrypt:conscrypt-openjdk-uber:1.4.0\")\n implementation(\"com.squareup.okio:okio:1.15.0\")\n ```\n\n * Fix: Handle dispatcher executor shutdowns gracefully. When there aren't any threads to carry a\n call its callback now gets a `RejectedExecutionException`.\n * Fix: Don't permanently cache responses with `Cache-Control: immutable`. We misunderstood the\n original `immutable` proposal!\n * Fix: Change `Authenticator`'s `Route` parameter to be nullable. This was marked as non-null but\n could be called with null in some cases.\n * Fix: Don't create malformed URLs when `MockWebServer` is reached via an IPv6 address.\n * Fix: Don't crash if the system default authenticator is null.\n * Fix: Don't crash generating elliptic curve certificates on Android.\n * Fix: Don't crash doing platform detection on RoboVM.\n * Fix: Don't leak socket connections when web socket upgrades fail.\n\n\n## Version 3.11.0\n\n_2018-07-12_\n\n * **OkHttp's new okhttp-tls submodule tames HTTPS and TLS.**\n\n `HeldCertificate` is a TLS certificate and its private key. Generate a certificate with its\n builder then use it to sign another certificate or perform a TLS handshake. The\n `certificatePem()` method encodes the certificate in the familiar PEM format\n (`--- BEGIN CERTIFICATE ---`); the `privateKeyPkcs8Pem()` does likewise for the private key.\n\n `HandshakeCertificates` holds the TLS certificates required for a TLS handshake. On the server\n it keeps your `HeldCertificate` and its chain. On the client it keeps the root certificates\n that are trusted to sign a server's certificate chain. `HandshakeCertificates` also works with\n mutual TLS where these roles are reversed.\n\n These classes make it possible to enable HTTPS in MockWebServer in [just a few lines of\n code][https_server_sample].\n\n * **OkHttp now supports prior knowledge cleartext HTTP/2.** Enable this by setting\n `Protocol.H2_PRIOR_KNOWLEDGE` as the lone protocol on an `OkHttpClient.Builder`. This mode\n only supports `http:` URLs and is best suited in closed environments where HTTPS is\n inappropriate.\n\n * New: `HttpUrl.get(String)` is an alternative to `HttpUrl.parse(String)` that throws an exception\n when the URL is malformed instead of returning null. Use this to avoid checking for null in\n situations where the input is known to be well-formed. We've also added `MediaType.get(String)`\n which is an exception-throwing alternative to `MediaType.parse(String)`.\n * New: The `EventListener` API previewed in OkHttp 3.9 has graduated to a stable API. Use this\n interface to track metrics and monitor HTTP requests' size and duration.\n * New: `okhttp-dnsoverhttps` is an experimental API for doing DNS queries over HTTPS. Using HTTPS\n for DNS offers better security and potentially better performance. This feature is a preview:\n the API is subject to change.\n * New: `okhttp-sse` is an early preview of Server-Sent Events (SSE). This feature is incomplete\n and is only suitable for experimental use.\n * New: MockWebServer now supports client authentication (mutual TLS). Call `requestClientAuth()`\n to permit an optional client certificate or `requireClientAuth()` to require one.\n * New: `RecordedRequest.getHandshake()` returns the HTTPS handshake of a request sent to\n `MockWebServer`.\n * Fix: Honor the `MockResponse` header delay in MockWebServer.\n * Fix: Don't release HTTP/2 connections that have multiple canceled calls. We had a bug where\n canceling calls would cause the shared HTTP/2 connection to be unnecessarily released. This\n harmed connection reuse.\n * Fix: Ensure canceled and discarded HTTP/2 data is not permanently counted against the limited\n flow control window. We had a few bugs where window size accounting was broken when streams\n were canceled or reset.\n * Fix: Recover gracefully if the TLS session returns an unexpected version (`NONE`) or cipher\n suite (`SSL_NULL_WITH_NULL_NULL`).\n * Fix: Don't change Conscrypt configuration globally. We migrated from a process-wide setting to\n configuring only OkHttp's TLS sockets.\n * Fix: Prefer TLSv1.2 where it is available. On certain older platforms it is necessary to opt-in\n to TLSv1.2.\n * New: `Request.tag()` permits multiple tags. Use a `Class` as a key to identify tags. Note\n that `tag()` now returns null if the request has no tag. Previously this would return the\n request itself.\n * New: `Headers.Builder.addAll(Headers)`.\n * New: `ResponseBody.create(MediaType, ByteString)`.\n * New: Embed R8/ProGuard rules in the jar. These will be applied automatically by R8.\n * Fix: Release the connection if `Authenticator` throws an exception.\n * Fix: Change the declaration of `OkHttpClient.cache()` to return a `@Nullable Cache`. The return\n value has always been nullable but it wasn't declared properly.\n * Fix: Reverse suppression of connect exceptions. When both a call and its retry fail, we now\n throw the initial exception which is most likely to be actionable.\n * Fix: Retain interrupted state when throwing `InterruptedIOException`. A single interrupt should\n now be sufficient to break out an in-flight OkHttp call.\n * Fix: Don't drop a call to `EventListener.callEnd()` when the response body is consumed inside an\n interceptor.\n\n\n## Version 3.10.0\n\n_2018-02-24_\n\n * **The pingInterval() feature now aggressively checks connectivity for web\n sockets and HTTP/2 connections.**\n\n Previously if you configured a ping interval that would cause OkHttp to send\n pings, but it did not track whether the reply pongs were received. With this\n update OkHttp requires that every ping receive a response: if it does not\n the connection will be closed and the listener's `onFailure()` method will\n be called.\n\n Web sockets have always been had pings, but pings on HTTP/2 connections is\n new in this release. Pings are used for connections that are busy carrying\n calls and for idle connections in the connection pool. (Pings do not impact\n when pooled connections are evicted).\n\n If you have a configured ping interval, you should confirm that it is long\n enough for a roundtrip from client to server. If your ping interval is too\n short, slow connections may be misinterpreted as failed connections. A ping\n interval of 30 seconds is reasonable for most use cases.\n\n * **OkHttp now supports [Conscrypt][conscrypt].** Conscrypt is a Java Security\n Provider that integrates BoringSSL into the Java platform. Conscrypt\n supports more cipher suites than the JVM’s default provider and may also\n execute more efficiently.\n\n To use it, first register a [Conscrypt dependency][conscrypt_dependency] in\n your build system.\n\n OkHttp will use Conscrypt if you set the `okhttp.platform` system property\n to `conscrypt`.\n\n Alternatively, OkHttp will also use Conscrypt if you install it as your\n preferred security provider. To do so, add the following code to execute\n before you create your `OkHttpClient`.\n\n ```\n Security.insertProviderAt(\n new org.conscrypt.OpenSSLProvider(), 1);\n ```\n\n Conscrypt is the bundled security provider on Android so it is not necessary\n to configure it on that platform.\n\n * New: `HttpUrl.addQueryParameter()` percent-escapes more characters.\n Previously several ASCII punctuation characters were not percent-escaped\n when used with this method. This does not impact already-encoded query\n parameters in APIs like `HttpUrl.parse()` and\n `HttpUrl.Builder.addEncodedQueryParameter()`.\n * New: CBC-mode ECDSA cipher suites have been removed from OkHttp's default\n configuration: `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA` and\n `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`. This tracks a [Chromium\n change][remove_cbc_ecdsa] to remove these cipher suites because they are\n fragile and rarely-used.\n * New: Don't fall back to common name (CN) verification for hostnames. This\n behavior was deprecated with RFC 2818 in May 2000 and was recently dropped\n from major web browsers.\n * New: Honor the `Retry-After` response header. HTTP 503 (Unavailable)\n responses are retried automatically if this header is present and its delay\n is 0 seconds. HTTP 408 (Client Timeout) responses are retried automatically\n if the header is absent or its delay is 0 seconds.\n * New: Allow request bodies for all HTTP methods except GET and HEAD.\n * New: Automatic module name of `okhttp3` for use with the Java Platform\n Module System.\n * New: Log gzipped bodies when `HttpLoggingInterceptor` is used as a network\n interceptor.\n * New: `Protocol.QUIC` constant. This protocol is not supported but this\n constant is included for completeness.\n * New: Upgrade to Okio 1.14.0.\n\n ```xml\n \n com.squareup.okio\n okio\n 1.14.0\n \n\n com.squareup.okio:okio:1.14.0\n ```\n\n * Fix: Handle `HTTP/1.1 100 Continue` status lines, even on requests that did\n not send the `Expect: continue` request header.\n * Fix: Do not count web sockets toward the dispatcher's per-host connection\n limit.\n * Fix: Avoid using invalid HTTPS sessions. This prevents OkHttp from crashing\n with the error, `Unexpected TLS version: NONE`.\n * Fix: Don't corrupt the response cache when a 304 (Not Modified) response\n overrides the stored \"Content-Encoding\" header.\n * Fix: Gracefully shut down the HTTP/2 connection before it exhausts the\n namespace of stream IDs (~536 million streams).\n * Fix: Never pass a null `Route` to `Authenticator`. There was a bug where\n routes were omitted for eagerly-closed connections.\n\n## Version 3.9.1\n\n_2017-11-18_\n\n * New: Recover gracefully when Android's DNS crashes with an unexpected\n `NullPointerException`.\n * New: Recover gracefully when Android's socket connections crash with an\n unexpected `ClassCastException`.\n * Fix: Don't include the URL's fragment in `encodedQuery()` when the query\n itself is empty.\n\n## Version 3.9.0\n\n_2017-09-03_\n\n * **Interceptors are more capable.** The `Chain` interface now offers access\n to the call and can adjust all call timeouts. Note that this change is\n source-incompatible for code that implements the `Chain` interface.\n We don't expect this to be a problem in practice!\n\n * **OkHttp has an experimental new API for tracking metrics.** The new\n `EventListener` API is designed to help developers monitor HTTP requests'\n size and duration. This feature is an unstable preview: the API is subject\n to change, and the implementation is incomplete. This is a big new API we\n are eager for feedback.\n\n * New: Support ALPN via Google Play Services' Dynamic Security Provider. This\n expands HTTP/2 support to older Android devices that have Google Play\n Services.\n * New: Consider all routes when looking for candidate coalesced connections.\n This increases the likelihood that HTTP/2 connections will be shared.\n * New: Authentication challenges and credentials now use a charset. Use this in\n your authenticator to support user names and passwords with non-ASCII\n characters.\n * New: Accept a charset in `FormBody.Builder`. Previously form bodies were\n always UTF-8.\n * New: Support the `immutable` cache-control directive.\n * Fix: Don't crash when an HTTP/2 call is redirected while the connection is\n being shut down.\n * Fix: Don't drop headers of healthy streams that raced with `GOAWAY` frames.\n This bug would cause HTTP/2 streams to occasional hang when the connection\n was shutting down.\n * Fix: Honor `OkHttpClient.retryOnConnectionFailure()` when the response is a\n HTTP 408 Request Timeout. If retries are enabled, OkHttp will retry exactly\n once in response to a 408.\n * Fix: Don't crash when reading the empty `HEAD` response body if it specifies\n a `Content-Length`.\n * Fix: Don't crash if the thread is interrupted while reading the public\n suffix database.\n * Fix: Use relative resource path when loading the public suffix database.\n Loading the resource using a path relative to the class prevents conflicts\n when the OkHttp classes are relocated (shaded) by allowing multiple private\n copies of the database.\n * Fix: Accept cookies for URLs that have an IPv6 address for a host.\n * Fix: Don't log the protocol (HTTP/1.1, h2) in HttpLoggingInterceptor if the\n protocol isn't negotiated yet! Previously we'd log HTTP/1.1 by default, and\n this was confusing.\n * Fix: Omit the message from MockWebServer's HTTP/2 `:status` header.\n * Fix: Handle 'Expect: 100 Continue' properly in MockWebServer.\n\n\n## Version 3.8.1\n\n_2017-06-18_\n\n * Fix: Recover gracefully from stale coalesced connections. We had a bug where\n connection coalescing (introduced in OkHttp 3.7.0) and stale connection\n recovery could interact to cause a `NoSuchElementException` crash in the\n `RouteSelector`.\n\n\n## Version 3.8.0\n\n_2017-05-13_\n\n\n * **OkHttp now uses `@Nullable` to annotate all possibly-null values.** We've\n added a compile-time dependency on the JSR 305 annotations. This is a\n [provided][maven_provided] dependency and does not need to be included in\n your build configuration, `.jar` file, or `.apk`. We use\n `@ParametersAreNonnullByDefault` and all parameters and return types are\n never null unless explicitly annotated `@Nullable`.\n\n * **Warning: this release is source-incompatible for Kotlin users.**\n Nullability was previously ambiguous and lenient but now the compiler will\n enforce strict null checks.\n\n * New: The response message is now non-null. This is the \"Not Found\" in the\n status line \"HTTP 404 Not Found\". If you are building responses\n programmatically (with `new Response.Builder()`) you must now always supply\n a message. An empty string `\"\"` is permitted. This value was never null on\n responses returned by OkHttp itself, and it was an old mistake to permit\n application code to omit a message.\n\n * The challenge's scheme and realm are now non-null. If you are calling\n `new Challenge(scheme, realm)` you must provide non-null values. These were\n never null in challenges created by OkHttp, but could have been null in\n application code that creates challenges.\n\n * New: The `TlsVersion` of a `Handshake` is now non-null. If you are calling\n `Handshake.get()` with a null TLS version, you must instead now provide a\n non-null `TlsVersion`. Cache responses persisted prior to OkHttp 3.0 did not\n store a TLS version; for these unknown values the handshake is defaulted to\n `TlsVersion.SSL_3_0`.\n\n * New: Upgrade to Okio 1.13.0.\n\n ```xml\n \n com.squareup.okio\n okio\n 1.13.0\n \n\n com.squareup.okio:okio:1.13.0\n ```\n\n * Fix: gracefully recover when Android 7.0's sockets throw an unexpected\n `NullPointerException`.\n\n## Version 3.7.0\n\n_2017-04-15_\n\n * **OkHttp no longer recovers from TLS handshake failures by attempting a TLSv1 connection.**\n The fallback was necessary for servers that implemented version negotiation incorrectly. Now\n that 99.99% of servers do it right this fallback is obsolete.\n * Fix: Do not honor cookies set on a public domain. Previously a malicious site could inject\n cookies on top-level domains like `co.uk` because our cookie parser didn't honor the [public\n suffix][public_suffix] list. Alongside this fix is a new API, `HttpUrl.topPrivateDomain()`,\n which returns the privately domain name if the URL has one.\n * Fix: Change `MediaType.charset()` to return null for unexpected charsets.\n * Fix: Don't skip cache invalidation if the invalidating response has no body.\n * Fix: Don't use a cryptographic random number generator for web sockets. Some Android devices\n implement `SecureRandom` incorrectly!\n * Fix: Correctly canonicalize IPv6 addresses in `HttpUrl`. This prevented OkHttp from trusting\n HTTPS certificates issued to certain IPv6 addresses.\n * Fix: Don't reuse connections after an unsuccessful `Expect: 100-continue`.\n * Fix: Handle either `TLS_` or `SSL_` prefixes for cipher suite names. This is necessary for\n IBM JVMs that use the `SSL_` prefix exclusively.\n * Fix: Reject HTTP/2 data frames if the stream ID is 0.\n * New: Upgrade to Okio 1.12.0.\n\n ```xml\n \n com.squareup.okio\n okio\n 1.12.0\n \n\n com.squareup.okio:okio:1.12.0\n ```\n\n * New: Connection coalescing. OkHttp may reuse HTTP/2 connections across calls that share an IP\n address and HTTPS certificate, even if their domain names are different.\n * New: MockWebServer's `RecordedRequest` exposes the requested `HttpUrl` with `getRequestUrl()`.\n\n\n## Version 3.6.0\n\n_2017-01-29_\n\n * Fix: Don't crash with a \"cache is closed\" error when there is an error initializing the cache.\n * Fix: Calling `disconnect()` on a connecting `HttpUrlConnection` could cause it to retry in an\n infinite loop! This regression was introduced in OkHttp 2.7.0.\n * Fix: Drop cookies that contain ASCII NULL and other bad characters. Previously such cookies\n would cause OkHttp to crash when they were included in a request.\n * Fix: Release duplicated multiplexed connections. If we concurrently establish connections to an\n HTTP/2 server, close all but the first connection.\n * Fix: Fail the HTTP/2 connection if first frame isn't `SETTINGS`.\n * Fix: Forbid spaces in header names.\n * Fix: Don't offer to do gzip if the request is partial.\n * Fix: MockWebServer is now usable with JUnit 5. That update [broke the rules][junit_5_rules].\n * New: Support `Expect: 100-continue` as a request header. Callers can use this header to\n pessimistically hold off on transmitting a request body until a server gives the go-ahead.\n * New: Permit network interceptors to rewrite the host header for HTTP/2. This makes it possible\n to do domain fronting.\n * New: charset support for `Credentials.basic()`.\n\n\n## Version 3.5.0\n\n_2016-11-30_\n\n * **Web Sockets are now a stable feature of OkHttp.** Since being introduced as a beta feature in\n OkHttp 2.3 our web socket client has matured. Connect to a server's web socket with\n `OkHttpClient.newWebSocket()`, send messages with `send()`, and receive messages with the\n `WebSocketListener`.\n\n The `okhttp-ws` submodule is no longer available and `okhttp-ws` artifacts from previous\n releases of OkHttp are not compatible with OkHttp 3.5. When upgrading to the new package\n please note that the `WebSocket` and `WebSocketCall` classes have been merged. Sending messages\n is now asynchronous and they may be enqueued before the web socket is connected.\n\n * **OkHttp no longer attempts a direct connection if the system's HTTP proxy fails.** This\n behavior was surprising because OkHttp was disregarding the user's specified configuration. If\n you need to customize proxy fallback behavior, implement your own `java.net.ProxySelector`.\n\n * Fix: Support TLSv1.3 on devices that support it.\n\n * Fix: Share pooled connections across equivalent `OkHttpClient` instances. Previous releases had\n a bug where a shared connection pool did not guarantee shared connections in some cases.\n * Fix: Prefer the server's response body on all conditional cache misses. Previously we would\n return the cached response's body if it had a newer `Last-Modified` date.\n * Fix: Update the stored timestamp on conditional cache hits.\n * New: Optimized HTTP/2 request header encoding. More headers are HPACK-encoded and string\n literals are now Huffman-encoded.\n * New: Expose `Part` headers and body in `Multipart`.\n * New: Make `ResponseBody.string()` and `ResponseBody.charStream()` BOM-aware. If your HTTP\n response body begins with a [byte order mark][bom] it will be consumed and used to select a\n charset for the remaining bytes. Most applications should not need a byte order mark.\n\n * New: Upgrade to Okio 1.11.0.\n\n ```xml\n \n com.squareup.okio\n okio\n 1.11.0\n \n\n com.squareup.okio:okio:1.11.0\n ```\n\n * Fix: Avoid sending empty HTTP/2 data frames when there is no request body.\n * Fix: Add a leading `.` for better domain matching in `JavaNetCookieJar`.\n * Fix: Gracefully recover from HTTP/2 connection shutdowns at start of request.\n * Fix: Be lenient if a `MediaType`'s character set is `'single-quoted'`.\n * Fix: Allow horizontal tab characters in header values.\n * Fix: When parsing HTTP authentication headers permit challenge parameters in any order.\n\n\n## Version 3.4.2\n\n_2016-11-03_\n\n * Fix: Recover gracefully when an HTTP/2 connection is shutdown. We had a\n bug where shutdown HTTP/2 connections were considered usable. This caused\n infinite loops when calls attempted to recover.\n\n\n## Version 3.4.1\n\n_2016-07-10_\n\n * **Fix a major bug in encoding HTTP headers.** In 3.4.0 and 3.4.0-RC1 OkHttp\n had an off-by-one bug in our HPACK encoder. This bug could have caused the\n wrong headers to be emitted after a sequence of HTTP/2 requests! Everyone\n who is using OkHttp 3.4.0 or 3.4.0-RC1 should upgrade for this bug fix.\n\n\n## Version 3.4.0\n\n_2016-07-08_\n\n * New: Support dynamic table size changes to HPACK Encoder.\n * Fix: Use `TreeMap` in `Headers.toMultimap()`. This makes string lookups on\n the returned map case-insensitive.\n * Fix: Don't share the OkHttpClient's `Dispatcher` in `HttpURLConnection`.\n\n\n## Version 3.4.0-RC1\n\n_2016-07-02_\n\n * **We’ve rewritten HttpURLConnection and HttpsURLConnection.** Previously we\n shared a single HTTP engine between two frontend APIs: `HttpURLConnection`\n and `Call`. With this release we’ve rearranged things so that the\n `HttpURLConnection` frontend now delegates to the `Call` APIs internally.\n This has enabled substantial simplifications and optimizations in the OkHttp\n core for both frontends.\n\n For most HTTP requests the consequences of this change will be negligible.\n If your application uses `HttpURLConnection.connect()`,\n `setFixedLengthStreamingMode()`, or `setChunkedStreamingMode()`, OkHttp will\n now use a async dispatcher thread to establish the HTTP connection.\n\n We don’t expect this change to have any behavior or performance\n consequences. Regardless, please exercise your `OkUrlFactory` and\n `HttpURLConnection` code when applying this update.\n\n * **Cipher suites may now have arbitrary names.** Previously `CipherSuite` was\n a Java enum and it was impossible to define new cipher suites without first\n upgrading OkHttp. With this change it is now a regular Java class with\n enum-like constants. Application code that uses enum methods on cipher\n suites (`ordinal()`, `name()`, etc.) will break with this change.\n\n * Fix: `CertificatePinner` now matches canonicalized hostnames. Previously\n this was case sensitive. This change should also make it easier to configure\n certificate pinning for internationalized domain names.\n * Fix: Don’t crash on non-ASCII `ETag` headers. Previously OkHttp would reject\n these headers when validating a cached response.\n * Fix: Don’t allow remote peer to arbitrarily size the HPACK decoder dynamic\n table.\n * Fix: Honor per-host configuration in Android’s network security config.\n Previously disabling cleartext for any host would disable cleartext for all\n hosts. Note that this setting is only available on Android 24+.\n * New: HPACK compression is now dynamic. This should improve performance when\n transmitting request headers over HTTP/2.\n * New: `Dispatcher.setIdleCallback()` can be used to signal when there are no\n calls in flight. This is useful for [testing with\n Espresso][okhttp_idling_resource].\n * New: Upgrade to Okio 1.9.0.\n\n ```xml\n \n com.squareup.okio\n okio\n 1.9.0\n \n ```\n\n\n## Version 3.3.1\n\n_2016-05-28_\n\n * Fix: The plaintext check in HttpLoggingInterceptor incorrectly classified\n newline characters as control characters. This is fixed.\n * Fix: Don't crash reading non-ASCII characters in HTTP/2 headers or in cached\n HTTP headers.\n * Fix: Retain the response body when an attempt to open a web socket returns a\n non-101 response code.\n\n\n## Version 3.3.0\n\n_2016-05-24_\n\n * New: `Response.sentRequestAtMillis()` and `receivedResponseAtMillis()`\n methods track the system's local time when network calls are made. These\n replace the `OkHttp-Sent-Millis` and `OkHttp-Received-Millis` headers that were\n present in earlier versions of OkHttp.\n * New: Accept user-provided trust managers in `OkHttpClient.Builder`. This\n allows OkHttp to satisfy its TLS requirements directly. Otherwise OkHttp\n will use reflection to extract the `TrustManager` from the\n `SSLSocketFactory`.\n * New: Support prerelease Java 9. This gets ALPN from the platform rather than\n relying on the alpn-boot bootclasspath override.\n * New: `HttpLoggingInterceptor` now logs connection failures.\n * New: Upgrade to Okio 1.8.0.\n\n ```xml\n \n com.squareup.okio\n okio\n 1.8.0\n \n ```\n\n * Fix: Gracefully recover from a failure to rebuild the cache journal.\n * Fix: Don't corrupt cache entries when a cache entry is evicted while it is\n being updated.\n * Fix: Make logging more consistent throughout OkHttp.\n * Fix: Log plaintext bodies only. This uses simple heuristics to differentiate\n text from other data.\n * Fix: Recover from `REFUSED_STREAM` errors in HTTP/2. This should improve\n interoperability with Nginx 1.10.0, which [refuses][nginx_959] streams\n created before HTTP/2 settings have been acknowledged.\n * Fix: Improve recovery from failed routes.\n * Fix: Accommodate tunneling proxies that close the connection after an auth\n challenge.\n * Fix: Use the proxy authenticator when authenticating HTTP proxies. This\n regression was introduced in OkHttp 3.0.\n * Fix: Fail fast if network interceptors transform the response body such that\n closing it doesn't also close the underlying stream. We had a bug where\n OkHttp would attempt to reuse a connection but couldn't because it was still\n held by a prior request.\n * Fix: Ensure network interceptors always have access to the underlying\n connection.\n * Fix: Use `X509TrustManagerExtensions` on Android 17+.\n * Fix: Unblock waiting dispatchers on MockWebServer shutdown.\n\n\n## Version 3.2.0\n\n_2016-02-25_\n\n * Fix: Change the certificate pinner to always build full chains. This\n prevents a potential crash when using certificate pinning with the Google\n Play Services security provider.\n * Fix: Make IPv6 request lines consistent with Firefox and Chrome.\n * Fix: Recover gracefully when trimming the response cache fails.\n * New: Add multiple path segments using a single string in `HttpUrl.Builder`.\n * New: Support SHA-256 pins in certificate pinner.\n\n\n## Version 3.1.2\n\n_2016-02-10_\n\n * Fix: Don’t crash when finding the trust manager on Robolectric. We attempted\n to detect the host platform and got confused because Robolectric looks like\n Android but isn’t!\n * Fix: Change `CertificatePinner` to skip sanitizing the certificate chain\n when no certificates were pinned. This avoids an SSL failure in insecure\n “trust everyone” configurations, such as when talking to a development\n HTTPS server that has a self-signed certificate.\n\n\n## Version 3.1.1\n\n_2016-02-07_\n\n * Fix: Don't crash when finding the trust manager if the Play Services (GMS)\n security provider is installed.\n * Fix: The previous release introduced a performance regression on Android,\n caused by looking up CA certificates. This is now fixed.\n\n\n## Version 3.1.0\n\n_2016-02-06_\n\n * New: WebSockets now defer some writes. This should improve performance for\n some applications.\n * New: Override `equals()` and `hashCode()` in our new cookie class. This\n class now defines equality by value rather than by reference.\n * New: Handle 408 responses by retrying the request. This allows servers to\n direct clients to retry rather than failing permanently.\n * New: Expose the framed protocol in `Connection`. Previously this would\n return the application-layer protocol (HTTP/1.1 or HTTP/1.0); now it always\n returns the wire-layer protocol (HTTP/2, SPDY/3.1, or HTTP/1.1).\n * Fix: Permit the trusted CA root to be pinned by `CertificatePinner`.\n * Fix: Silently ignore unknown HTTP/2 settings. Previously this would cause\n the entire connection to fail.\n * Fix: Don’t crash on unexpected charsets in the logging interceptor.\n * Fix: `OkHttpClient` is now non-final for the benefit of mocking frameworks.\n Mocking sophisticated classes like `OkHttpClient` is fragile and you\n shouldn’t do it. But if that’s how you want to live your life we won’t stand\n in your way!\n\n\n## Version 3.0.1\n\n_2016-01-14_\n\n * Rollback OSGi support. This was causing library jars to include more classes\n than expected, which interfered with Gradle builds.\n\n\n## Version 3.0.0\n\n_2016-01-13_\n\nThis release commits to a stable 3.0 API. Read the 3.0.0-RC1 changes for advice\non upgrading from 2.x to 3.x.\n\n * **The `Callback` interface now takes a `Call`**. This makes it easier to\n check if the call was canceled from within the callback. When migrating\n async calls to this new API, `Call` is now the first parameter for both\n `onResponse()` and `onFailure()`.\n * Fix: handle multiple cookies in `JavaNetCookieJar` on Android.\n * Fix: improve the default HTTP message in MockWebServer responses.\n * Fix: don't leak file handles when a conditional GET throws.\n * Fix: Use charset specified by the request body content type in OkHttp's\n logging interceptor.\n * Fix: Don't eagerly release pools on cache hits.\n * New: Make OkHttp OSGi ready.\n * New: Add already-implemented interfaces Closeable and Flushable to the cache.\n\n\n## Version 3.0.0-RC1\n\n_2016-01-02_\n\nOkHttp 3 is a major release focused on API simplicity and consistency. The API\nchanges are numerous but most are cosmetic. Applications should be able to\nupgrade from the 2.x API to the 3.x API mechanically and without risk.\n\nBecause the release includes breaking API changes, we're changing the project's\npackage name from `com.squareup.okhttp` to `okhttp3`. This should make it\npossible for large applications to migrate incrementally. The Maven group ID\nis now `com.squareup.okhttp3`. For an explanation of this strategy, see Jake\nWharton's post, [Java Interoperability Policy for Major Version\nUpdates][major_versions].\n\nThis release obsoletes OkHttp 2.x, and all code that uses OkHttp's\n`com.squareup.okhttp` package should upgrade to the `okhttp3` package. Libraries\nthat depend on OkHttp should upgrade quickly to prevent applications from being\nstuck on the old version.\n\n * **There is no longer a global singleton connection pool.** In OkHttp 2.x,\n all `OkHttpClient` instances shared a common connection pool by default.\n In OkHttp 3.x, each new `OkHttpClient` gets its own private connection pool.\n Applications should avoid creating many connection pools as doing so\n prevents connection reuse. Each connection pool holds its own set of\n connections alive so applications that have many pools also risk exhausting\n memory!\n\n The best practice in OkHttp 3 is to create a single OkHttpClient instance\n and share it throughout the application. Requests that needs a customized\n client should call `OkHttpClient.newBuilder()` on that shared instance.\n This allows customization without the drawbacks of separate connection\n pools.\n\n * **OkHttpClient is now stateless.** In the 2.x API `OkHttpClient` had getters\n and setters. Internally each request was forced to make its own complete\n snapshot of the `OkHttpClient` instance to defend against racy configuration\n changes. In 3.x, `OkHttpClient` is now stateless and has a builder. Note\n that this class is not strictly immutable as it has stateful members like\n the connection pool and cache.\n\n * **Get and Set prefixes are now avoided.** With ubiquitous builders\n throughout OkHttp these accessor prefixes aren't necessary. Previously\n OkHttp used _get_ and _set_ prefixes sporadically which make the API\n inconsistent and awkward to explore.\n\n * **OkHttpClient now implements the new `Call.Factory` interface.** This\n interface will make your code easier to test. When you test code that makes\n HTTP requests, you can use this interface to replace the real `OkHttpClient`\n with your own mocks or fakes.\n\n The interface will also let you use OkHttp's API with another HTTP client's\n implementation. This is useful in sandboxed environments like Google App\n Engine.\n\n * **OkHttp now does cookies.** We've replaced `java.net.CookieHandler` with\n a new interface, `CookieJar` and added our own `Cookie` model class. This\n new cookie follows the latest RFC and supports the same cookie attributes\n as modern web browsers.\n\n * **Form and Multipart bodies are now modeled.** We've replaced the opaque\n `FormEncodingBuilder` with the more powerful `FormBody` and\n `FormBody.Builder` combo. Similarly we've upgraded `MultipartBuilder` into\n `MultipartBody`, `MultipartBody.Part`, and `MultipartBody.Builder`.\n\n * **The Apache HTTP client and HttpURLConnection APIs are deprecated.** They\n continue to work as they always have, but we're moving everything to the new\n OkHttp 3 API. The `okhttp-apache` and `okhttp-urlconnection` modules should\n be only be used to accelerate a transition to OkHttp's request/response API.\n These deprecated modules will be dropped in an upcoming OkHttp 3.x release.\n\n * **Canceling batches of calls is now the application's responsibility.**\n The API to cancel calls by tag has been removed and replaced with a more\n general mechanism. The dispatcher now exposes all in-flight calls via its\n `runningCalls()` and `queuedCalls()` methods. You can write code that\n selects calls by tag, host, or whatever, and invokes `Call.cancel()` on the\n ones that are no longer necessary.\n\n * **OkHttp no longer uses the global `java.net.Authenticator` by default.**\n We've changed our `Authenticator` interface to authenticate web and proxy\n authentication failures through a single method. An adapter for the old\n authenticator is available in the `okhttp-urlconnection` module.\n\n * Fix: Don't throw `IOException` on `ResponseBody.contentLength()` or `close()`.\n * Fix: Never throw converting an `HttpUrl` to a `java.net.URI`. This changes\n the `uri()` method to handle malformed percent-escapes and characters\n forbidden by `URI`.\n * Fix: When a connect times out, attempt an alternate route. Previously route\n selection was less efficient when differentiating failures.\n * New: `Response.peekBody()` lets you access the response body without\n consuming it. This may be handy for interceptors!\n * New: `HttpUrl.newBuilder()` resolves a link to a builder.\n * New: Add the TLS version to the `Handshake`.\n * New: Drop `Request.uri()` and `Request#urlString()`. Just use\n `Request.url().uri()` and `Request.url().toString()`.\n * New: Add URL to HTTP response logging.\n * New: Make `HttpUrl` the blessed URL method of `Request`.\n\n\n## Version 2.x\n\n[Change log](changelog_2x.md)\n\n\n [bom]: https://en.wikipedia.org/wiki/Byte_order_mark\n [conscrypt]: https://github.com/google/conscrypt/\n [conscrypt_dependency]: https://github.com/google/conscrypt/#download\n [grpc_http2]: https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md\n [https_server_sample]: https://github.com/square/okhttp/blob/master/samples/guide/src/main/java/okhttp3/recipes/HttpsServer.java\n [jetty_8_252]: https://webtide.com/jetty-alpn-java-8u252/\n [junit_5_rules]: https://junit.org/junit5/docs/current/user-guide/#migrating-from-junit4-rulesupport\n [major_versions]: https://jakewharton.com/java-interoperability-policy-for-major-version-updates/\n [maven_provided]: https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html\n [nginx_959]: https://trac.nginx.org/nginx/ticket/959\n [obsolete_apache_client]: https://gist.github.com/swankjesse/09721f72039e3a46cf50f94323deb82d\n [obsolete_url_factory]: https://gist.github.com/swankjesse/dd91c0a8854e1559b00f5fc9c7bfae70\n [okhttp_idling_resource]: https://github.com/JakeWharton/okhttp-idling-resource\n [public_suffix]: https://publicsuffix.org/\n [remove_cbc_ecdsa]: https://developers.google.com/web/updates/2016/12/chrome-56-deprecations#remove_cbc-mode_ecdsa_ciphers_in_tls\n [require_android_5]: https://code.cash.app/okhttp-3-13-requires-android-5\n [tls_configuration_history]: https://square.github.io/okhttp/tls_configuration_history/\n [upgrading_to_okhttp_4]: https://square.github.io/okhttp/upgrading_to_okhttp_4/\n"
},
{
"path": "docs/changelogs/changelog_4x.md",
"content": "OkHttp 4.x Change Log\n=====================\n\n## Version 4.12.0\n\n_2023-10-16_\n\n * Fix: Don't hang taking headers for HTTP 103 responses.\n\n * Fix: Recover gracefully when a cache entry's certificate is corrupted.\n\n * Fix: Fail permanently when there's a failure loading the bundled public suffix database.\n This is the dataset that powers `HttpUrl.topPrivateDomain()`.\n\n * Fix: Immediately update the connection's flow control window instead of waiting for the\n receiving stream to process it.\n\n This change may increase OkHttp's memory use for applications that make many concurrent HTTP\n calls and that can receive data faster than they can process it. Previously, OkHttp limited\n HTTP/2 to 16 MiB of unacknowledged data per connection. With this fix there is a limit of 16 MiB\n of unacknowledged data per stream and no per-connection limit.\n\n * Fix: Don't operate on a connection after it's been returned to the pool. This race occurred\n on failed web socket connection attempts.\n\n * Upgrade: [Okio 3.6.0][okio_3_6_0].\n\n * Upgrade: [Kotlin 1.8.21][kotlin_1_8_21].\n\n\n## Version 4.11.0\n\n_2023-04-22_\n\n * Fix: Don't fail the call when the response code is ‘HTTP 102 Processing’ or\n ‘HTTP 103 Early Hints’.\n * Fix: Read the response even if writing the request fails. This means you'll get a proper HTTP\n response even if the server rejects your request body.\n * Fix: Use literal IP addresses directly rather than passing them to `DnsOverHttps`.\n * Fix: Embed Proguard rules to prevent warnings from tools like DexGuard and R8. These warnings\n were triggered by OkHttp’s feature detection for TLS packages like `org.conscrypt`,\n `org.bouncycastle`, and `org.openjsse`.\n * Upgrade: Explicitly depend on `kotlin-stdlib-jdk8`. This fixes a problem with dependency\n locking. That's a potential security vulnerability, tracked as [CVE-2022-24329].\n * Upgrade: [publicsuffix.org data][public_suffix]. This powers `HttpUrl.topPrivateDomain()`.\n It's also how OkHttp knows which domains can share cookies with one another.\n * Upgrade: [Okio 3.2.0][okio_3_2_0].\n\n\n## Version 4.10.0\n\n_2022-06-12_\n\n * Upgrade: [Kotlin 1.6.20][kotlin_1_6_20].\n * Upgrade: [Okio 3.0.0][okio_3_0_0].\n * Fix: Recover gracefully when Android's `NativeCrypto` crashes with `\"ssl == null\"`. This occurs\n when OkHttp retrieves ALPN state on a closed connection.\n\n\n## Version 4.9.3\n\n_2021-11-21_\n\n * Fix: Don't fail HTTP/2 responses if they complete before a `RST_STREAM` is sent.\n\n\n## Version 4.9.2\n\n_2021-09-30_\n\n * Fix: Don't include potentially-sensitive header values in `Headers.toString()` or exceptions.\n This applies to `Authorization`, `Cookie`, `Proxy-Authorization`, and `Set-Cookie` headers.\n * Fix: Don't crash with an `InaccessibleObjectException` when running on JDK17+ with strong\n encapsulation enabled.\n * Fix: Strictly verify hostnames used with OkHttp's `HostnameVerifier`. Programs that make direct\n manual calls to `HostnameVerifier` could be defeated if the hostnames they pass in are not\n strictly ASCII. This issue is tracked as [CVE-2021-0341].\n\n\n## Version 4.9.1\n\n_2021-01-30_\n\n * Fix: Work around a crash in Android 10 and 11 that may be triggered when two threads\n concurrently close an SSL socket. This would have appeared in crash logs as\n `NullPointerException: bio == null`.\n\n\n## Version 4.9.0\n\n_2020-09-11_\n\n**With this release, `okhttp-tls` no longer depends on Bouncy Castle and doesn't install the\nBouncy Castle security provider.** If you still need it, you can do it yourself:\n\n```\nSecurity.addProvider(BouncyCastleProvider())\n```\n\nYou will also need to configure this dependency:\n\n```\ndependencies {\n implementation \"org.bouncycastle:bcprov-jdk15on:1.65\"\n}\n```\n\n * Upgrade: [Kotlin 1.4.10][kotlin_1_4_10]. We now use Kotlin 1.4.x [functional\n interfaces][fun_interface] for `Authenticator`, `Interceptor`, and others.\n * Upgrade: Build with Conscrypt 2.5.1.\n\n\n## Version 4.8.1\n\n_2020-08-06_\n\n * Fix: Don't crash in `HeldCertificate.Builder` when creating certificates on older versions of\n Android, including Android 6. We were using a feature of `SimpleDateFormat` that wasn't\n available in those versions!\n\n\n## Version 4.8.0\n\n_2020-07-11_\n\n * New: Change `HeldCertificate.Builder` to use its own ASN.1 certificate encoder. This is part\n of our effort to remove the okhttp-tls module's dependency on Bouncy Castle. We think Bouncy\n Castle is great! But it's a large dependency (6.5 MiB) and its security provider feature\n impacts VM-wide behavior.\n\n * New: Reduce contention for applications that make a very high number of concurrent requests.\n Previously OkHttp used its connection pool as a lock when making changes to connections and\n calls. With this change each connection is locked independently.\n\n * Upgrade: [Okio 2.7.0][okio_2_7_0].\n\n ```kotlin\n implementation(\"com.squareup.okio:okio:2.7.0\")\n ```\n\n * Fix: Avoid log messages like \"Didn't find class org.conscrypt.ConscryptHostnameVerifier\" when\n detecting the TLS capabilities of the host platform.\n\n * Fix: Don't crash in `HttpUrl.topPrivateDomain()` when the hostname is malformed.\n\n * Fix: Don't attempt Brotli decompression if the response body is empty.\n\n\n## Version 4.7.2\n\n_2020-05-20_\n\n * Fix: Don't crash inspecting whether the host platform is JVM or Android. With 4.7.0 and 4.7.1 we\n had a crash `IllegalArgumentException: Not a Conscrypt trust manager` because we depended on\n initialization order of companion objects.\n\n\n## Version 4.7.1\n\n_2020-05-18_\n\n * Fix: Pass the right arguments in the trust manager created for `addInsecureHost()`. Without the\n fix insecure hosts crash with an `IllegalArgumentException` on Android.\n\n\n## Version 4.7.0\n\n_2020-05-17_\n\n * New: `HandshakeCertificates.Builder.addInsecureHost()` makes it easy to turn off security in\n private development environments that only carry test data. Prefer this over creating an\n all-trusting `TrustManager` because only hosts on the allowlist are insecure. From\n [our DevServer sample][dev_server]:\n\n ```kotlin\n val clientCertificates = HandshakeCertificates.Builder()\n .addPlatformTrustedCertificates()\n .addInsecureHost(\"localhost\")\n .build()\n\n val client = OkHttpClient.Builder()\n .sslSocketFactory(clientCertificates.sslSocketFactory(), clientCertificates.trustManager)\n .build()\n ```\n\n * New: Add `cacheHit`, `cacheMiss`, and `cacheConditionalHit()` events to `EventListener`. Use\n these in logs, metrics, and even test cases to confirm your cache headers are configured as\n expected.\n\n * New: Constant string `okhttp3.VERSION`. This is a string like \"4.5.0-RC1\", \"4.5.0\", or\n \"4.6.0-SNAPSHOT\" indicating the version of OkHttp in the current runtime. Use this to include\n the OkHttp version in custom `User-Agent` headers.\n\n * Fix: Don't crash when running as a plugin in Android Studio Canary 4.1. To enable\n platform-specific TLS features OkHttp must detect whether it's running in a JVM or in Android.\n The upcoming Android Studio runs in a JVM but has classes from Android and that confused OkHttp!\n\n * Fix: Include the header `Accept: text/event-stream` for SSE calls. This header is not added if\n the request already contains an `Accept` header.\n\n * Fix: Don't crash with a `NullPointerException` if a server sends a close while we're sending a\n ping. OkHttp had a race condition bug.\n\n\n## Version 4.6.0\n\n_2020-04-28_\n\n * Fix: Follow HTTP 307 and 308 redirects on methods other than GET and POST. We're reluctant to\n change OkHttp's behavior in handling common HTTP status codes, but this fix is overdue! The new\n behavior is now consistent with [RFC 7231][rfc_7231_647], which is newer than OkHttp itself.\n If you want this update with the old behavior use [this interceptor][legacy_interceptor].\n\n * Fix: Don't crash decompressing web sockets messages. We had a bug where we assumed deflated\n bytes in would always yield deflated bytes out and this isn't always the case!\n\n * Fix: Reliably update and invalidate the disk cache on windows. As originally designed our\n internal `DiskLruCache` assumes an inode-like file system, where it's fine to delete files that\n are currently being read or written. On Windows the file system forbids this so we must be more\n careful when deleting and renaming files.\n\n * Fix: Don't crash on Java 8u252 which introduces an API previously found only on Java 9 and\n above. See [Jetty's overview][jetty_8_252] of the API change and its consequences.\n\n * New: `MultipartReader` is a streaming decoder for [MIME multipart (RFC 2045)][rfc_2045]\n messages. It complements `MultipartBody` which is our streaming encoder.\n\n ```kotlin\n val response: Response = call.execute()\n val multipartReader = MultipartReader(response.body!!)\n\n multipartReader.use {\n while (true) {\n val part = multipartReader.nextPart() ?: break\n process(part.headers, part.body)\n }\n }\n ```\n\n * New: `MediaType.parameter()` gets a parameter like `boundary` from a media type like\n `multipart/mixed; boundary=\"abc\"`.\n\n * New: `Authenticator.JAVA_NET_AUTHENTICATOR` forwards authentication requests to\n `java.net.Authenticator`. This obsoletes `JavaNetAuthenticator` in the `okhttp-urlconnection`\n module.\n\n * New: `CertificatePinner` now offers an API for inspecting the configured pins.\n\n * Upgrade: [Okio 2.6.0][okio_2_6_0].\n\n ```kotlin\n implementation(\"com.squareup.okio:okio:2.6.0\")\n ```\n\n * Upgrade: [publicsuffix.org data][public_suffix]. This powers `HttpUrl.topPrivateDomain()`.\n It's also how OkHttp knows which domains can share cookies with one another.\n\n * Upgrade: [Bouncy Castle 1.65][bouncy_castle_releases]. This dependency is required by the\n `okhttp-tls` module.\n\n * Upgrade: [Kotlin 1.3.71][kotlin_1_3_71].\n\n\n## Version 4.5.0\n\n_2020-04-06_\n\n**This release fixes a severe bug where OkHttp incorrectly detected and recovered from unhealthy\nconnections.** Stale or canceled connections were incorrectly attempted when they shouldn't have\nbeen, leading to rare cases of infinite retries. Please upgrade to this release!\n\n * Fix: don't return stale DNS entries in `DnsOverHttps`. We were caching DNS results indefinitely\n rather than the duration specified in the response's cache-control header.\n * Fix: Verify certificate IP addresses in canonical form. When a server presents a TLS certificate\n containing an IP address we must match that address against the URL's IP address, even when the\n two addresses are encoded differently, such as `192.168.1.1` and `0::0:0:FFFF:C0A8:101`. Note\n that OkHttp incorrectly rejected valid certificates resulting in a failure to connect; at no\n point were invalid certificates accepted.\n * New: `OkHttpClient.Builder.minWebSocketMessageToCompress()` configures a threshold for\n compressing outbound web socket messages. Configure this with 0L to always compress outbound\n messages and `Long.MAX_VALUE` to never compress outbound messages. The default is 1024L which\n compresses messages of size 1 KiB and larger. (Inbound messages are compressed or not based on\n the web socket server's configuration.)\n * New: Defer constructing `Inflater` and `Deflater` instances until they are needed. This saves\n memory if web socket compression is negotiated but not used.\n\n\n## Version 4.5.0-RC1\n\n_2020-03-17_\n\n**This release candidate turns on web socket compression.**\n\nThe [spec][rfc_7692] includes a sophisticated mechanism for client and server to negotiate\ncompression features. We strive to offer great performance in our default configuration and so we're\nmaking compression the default for everyone starting with this release candidate.\n\nPlease be considerate of your servers and their operators as you roll out this release. Compression\nsaves bandwidth but it costs CPU and memory! If you run into a problem you may need to adjust or\ndisable the `permessage-deflate` compression settings on your server.\n\nNote that OkHttp won't use compression when sending messages smaller than 1 KiB.\n\n * Fix: Don't crash when the URL hostname contains an underscore on Android.\n * Fix: Change HTTP/2 to use a daemon thread for its socket reader. If you've ever seen a command\n line application hang after all of the work is done, it may be due to a non-daemon thread like\n this one.\n * New: Include suppressed exceptions when all routes to a target service fail.\n\n\n## Version 4.4.1\n\n_2020-03-08_\n\n * Fix: Don't reuse a connection on redirect if certs match but DNS does not. For better\n locality and performance OkHttp attempts to use the same pooled connection across redirects and\n follow-ups. It independently shares connections when the IP addresses and certificates match,\n even if the host names do not. In 4.4.0 we introduced a regression where we shared a connection\n when certificates matched but the DNS addresses did not. This would only occur when following a\n redirect from one hostname to another, and where both hosts had common certificates.\n\n * Fix: Don't fail on a redirect when a client has configured a 'trust everything' trust manager.\n Typically this would cause certain redirects to fail in debug and development configurations.\n\n\n## Version 4.4.0\n\n_2020-02-17_\n\n * New: Support `canceled()` as an event that can be observed by `EventListener`. This should be\n useful for splitting out canceled calls in metrics.\n\n * New: Publish a [bill of materials (BOM)][bom] for OkHttp. Depend on this from Gradle or Maven to\n keep all of your OkHttp artifacts on the same version, even if they're declared via transitive\n dependencies. You can even omit versions when declaring other OkHttp dependencies.\n\n ```kotlin\n dependencies {\n api(platform(\"com.squareup.okhttp3:okhttp-bom:4.4.0\"))\n api(\"com.squareup.okhttp3:okhttp\") // No version!\n api(\"com.squareup.okhttp3:logging-interceptor\") // No version!\n }\n ```\n\n * New: Upgrade to Okio 2.4.3.\n\n ```kotlin\n implementation(\"com.squareup.okio:okio:2.4.3\")\n ```\n\n * Fix: Limit retry attempts for HTTP/2 `REFUSED_STREAM` and `CANCEL` failures.\n * Fix: Retry automatically when incorrectly sharing a connection among multiple hostnames. OkHttp\n shares connections when hosts share both IP addresses and certificates, such as `squareup.com`\n and `www.squareup.com`. If a server refuses such sharing it will return HTTP 421 and OkHttp will\n automatically retry on an unshared connection.\n * Fix: Don't crash if a TLS tunnel's response body is truncated.\n * Fix: Don't track unusable routes beyond their usefulness. We had a bug where we could track\n certain bad routes indefinitely; now we only track the ones that could be necessary.\n * Fix: Defer proxy selection until a proxy is required. This saves calls to `ProxySelector` on\n calls that use a pooled connection.\n\n\n## Version 4.3.1\n\n_2020-01-07_\n\n * Fix: Don't crash with a `NullPointerException` when a web socket is closed before it connects.\n This regression was introduced in OkHttp 4.3.0.\n * Fix: Don't crash with an `IllegalArgumentException` when using custom trust managers on\n Android 10. Android uses reflection to look up a magic `checkServerTrusted()` method and we\n didn't have it.\n * Fix: Explicitly specify the remote server name when making HTTPS connections on Android 5. In\n 4.3.0 we introduced a regression where server name indication (SNI) was broken on Android 5.\n\n\n## Version 4.3.0\n\n_2019-12-31_\n\n * Fix: Degrade HTTP/2 connections after a timeout. When an HTTP/2 stream times out it may impact\n the stream only or the entire connection. With this fix OkHttp will now send HTTP/2 pings after\n a stream timeout to determine whether the connection should remain eligible for pooling.\n\n * Fix: Don't call `EventListener.responseHeadersStart()` or `responseBodyStart()` until bytes have\n been received. Previously these events were incorrectly sent too early, when OkHttp was ready to\n read the response headers or body, which mislead tracing tools. Note that the `responseFailed()`\n event always used to follow one of these events; now it may be sent without them.\n\n * New: Upgrade to Kotlin 1.3.61.\n\n * New: Match any number of subdomains with two asterisks in `CertificatePinner`. For example,\n `**.squareup.com` matches `us-west.www.squareup.com`, `www.squareup.com` and `squareup.com`.\n\n * New: Share threads more aggressively between OkHttp's HTTP/2 connections, connection pool,\n web sockets, and cache. OkHttp has a new internal task runner abstraction for managed task\n scheduling. In your debugger you will see new thread names and more use of daemon threads.\n\n * Fix: Don't drop callbacks on unexpected exceptions. When an interceptor throws an unchecked\n exception the callback is now notified that the call was canceled. The exception is still sent\n to the uncaught exception handler for reporting and recovery.\n\n * Fix: Un-deprecate `MockResponse.setHeaders()` and other setters. These were deprecated in OkHttp\n 4.0 but that broke method chaining for Java callers.\n\n * Fix: Don't crash on HTTP/2 HEAD requests when the `Content-Length` header is present but is not\n consistent with the length of the response body.\n\n * Fix: Don't crash when converting a `HttpUrl` instance with an unresolvable hostname to a URI.\n The new behavior strips invalid characters like `\"` and `{` from the hostname before converting.\n\n * Fix: Undo a performance regression introduced in OkHttp 4.0 caused by differences in behavior\n between Kotlin's `assert()` and Java's `assert()`. (Kotlin always evaluates the argument; Java\n only does when assertions are enabled.)\n\n * Fix: Honor `RequestBody.isOneShot()` in `HttpLoggingInterceptor`.\n\n\n## Version 4.2.2\n\n_2019-10-06_\n\n * Fix: When closing a canceled HTTP/2 stream, don't send the `END_STREAM` flag. This could cause\n the server to incorrectly interpret the stream as having completed normally. This is most useful\n when a request body needs to cancel its own call.\n\n\n## Version 4.2.1\n\n_2019-10-02_\n\n * Fix: In 4.1.0 we introduced a performance regression that prevented connections from being\n pooled in certain situations. We have good test coverage for connection pooling but we missed\n this because it only occurs if you have proxy configured and you share a connection pool among\n multiple `OkHttpClient` instances.\n\n This particularly-subtle bug was caused by us assigning each `OkHttpClient` instance its own\n `NullProxySelector` when an explicit proxy is configured. But we don't share connections when\n the proxy selectors are different. Ugh!\n\n\n## Version 4.2.0\n\n_2019-09-10_\n\n * New: API to decode a certificate and private key to create a `HeldCertificate`. This accepts a\n string containing both a certificate and PKCS #8-encoded private key.\n\n ```kotlin\n val heldCertificate = HeldCertificate.decode(\"\"\"\n |-----BEGIN CERTIFICATE-----\n |MIIBYTCCAQegAwIBAgIBKjAKBggqhkjOPQQDAjApMRQwEgYDVQQLEwtlbmdpbmVl\n |cmluZzERMA8GA1UEAxMIY2FzaC5hcHAwHhcNNzAwMTAxMDAwMDA1WhcNNzAwMTAx\n |MDAwMDEwWjApMRQwEgYDVQQLEwtlbmdpbmVlcmluZzERMA8GA1UEAxMIY2FzaC5h\n |cHAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASda8ChkQXxGELnrV/oBnIAx3dD\n |ocUOJfdz4pOJTP6dVQB9U3UBiW5uSX/MoOD0LL5zG3bVyL3Y6pDwKuYvfLNhoyAw\n |HjAcBgNVHREBAf8EEjAQhwQBAQEBgghjYXNoLmFwcDAKBggqhkjOPQQDAgNIADBF\n |AiAyHHg1N6YDDQiY920+cnI5XSZwEGhAtb9PYWO8bLmkcQIhAI2CfEZf3V/obmdT\n |yyaoEufLKVXhrTQhRfodTeigi4RX\n |-----END CERTIFICATE-----\n |-----BEGIN PRIVATE KEY-----\n |MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCA7ODT0xhGSNn4ESj6J\n |lu/GJQZoU9lDrCPeUcQ28tzOWw==\n |-----END PRIVATE KEY-----\n \"\"\".trimMargin())\n val handshakeCertificates = HandshakeCertificates.Builder()\n .heldCertificate(heldCertificate)\n .build()\n val server = MockWebServer()\n server.useHttps(handshakeCertificates.sslSocketFactory(), false)\n ```\n\n Get these strings with `HeldCertificate.certificatePem()` and `privateKeyPkcs8Pem()`.\n\n * Fix: Handshake now returns peer certificates in canonical order: each certificate is signed by\n the certificate that follows and the last certificate is signed by a trusted root.\n\n * Fix: Don't lose HTTP/2 flow control bytes when incoming data races with a stream close. If this\n happened enough then eventually the connection would stall.\n\n * Fix: Acknowledge and apply inbound HTTP/2 settings atomically. Previously we had a race where we\n could use new flow control capacity before acknowledging it, causing strict HTTP/2 servers to\n fail the call.\n\n\n## Version 4.1.1\n\n_2019-09-05_\n\n * Fix: Don't drop repeated headers when validating cached responses. In our Kotlin upgrade we\n introduced a regression where we iterated the number of unique header names rather than then\n number of unique headers. If you're using OkHttp's response cache this may impact you.\n\n\n## Version 4.1.0\n\n_2019-08-12_\n\n [brotli]: https://github.com/google/brotli\n\n * **OkHttp's new okhttp-brotli module implements Brotli compression.** Install the interceptor to\n enable [Brotli compression][brotli], which compresses 5-20% smaller than gzip.\n\n ```\n val client = OkHttpClient.Builder()\n .addInterceptor(BrotliInterceptor)\n .build()\n ```\n\n This artifact has a dependency on Google's Brotli decoder (95 KiB).\n\n * New: `EventListener.proxySelectStart()`, `proxySelectEnd()` events give visibility into the\n proxy selection process.\n * New: `Response.byteString()` reads the entire response into memory as a byte string.\n * New: `OkHttpClient.x509TrustManager` accessor.\n * New: Permit [new WebSocket response codes][iana_websocket]: 1012 (Service Restart), 1013 (Try\n Again Later), and 1014 (invalid response from the upstream).\n * New: Build with Kotlin 1.3.41, BouncyCastle 1.62, and Conscrypt 2.2.1.\n * Fix: Recover gracefully when a coalesced connection immediately goes unhealthy.\n * Fix: Defer the `SecurityException` when looking up the default proxy selector.\n * Fix: Don't use brackets formatting IPv6 host names in MockWebServer.\n * Fix: Don't permit cache iterators to remove entries that are being written.\n\n\n## Version 4.0.1\n\n_2019-07-10_\n\n * Fix: Tolerate null-hostile lists in public API. Lists created with `List.of(...)` don't like it\n when you call `contains(null)` on them!\n * Fix: Retain binary-compatibility in `okhttp3.internal.HttpHeaders.hasBody()`. Some unscrupulous\n coders call this and we don't want their users to suffer.\n\n\n## Version 4.0.0\n\n_2019-06-26_\n\n**This release upgrades OkHttp to Kotlin.** We tried our best to make fast and safe to upgrade\nfrom OkHttp 3.x. We wrote an [upgrade guide][upgrading_to_okhttp_4] to help with the migration and a\n[blog post][okhttp4_blog_post] to explain it.\n\n * Fix: Target Java 8 bytecode for Java and Kotlin.\n\n\n## Version 4.0.0-RC3\n\n_2019-06-24_\n\n * Fix: Retain binary-compatibility in `okhttp3.internal.HttpMethod`. Naughty third party SDKs\n import this and we want to ease upgrades for their users.\n\n\n## Version 4.0.0-RC2\n\n_2019-06-21_\n\n * New: Require Kotlin 1.3.40.\n * New: Change the Kotlin API from `File.toRequestBody()` to `File.asRequestBody()` and\n `BufferedSource.toResponseBody()` to `BufferedSource.asResponseBody()`. If the returned value\n is a view of what created it, we use _as_.\n * Fix: Permit response codes of zero for compatibility with OkHttp 3.x.\n * Fix: Change the return type of `MockWebServer.takeRequest()` to be nullable.\n * Fix: Make `Call.clone()` public to Kotlin callers.\n\n\n## Version 4.0.0-RC1\n\n_2019-06-03_\n\n * First stable preview of OkHttp 4.\n\n\n## Version 3.x\n\n[Change log](https://square.github.io/okhttp/changelog_3x/)\n\n\n [bom]: https://docs.gradle.org/6.2/userguide/platforms.html#sub:bom_import\n [bouncy_castle_releases]: https://www.bouncycastle.org/releasenotes.html\n [CVE-2021-0341]: https://nvd.nist.gov/vuln/detail/CVE-2021-0341\n [CVE-2022-24329]: https://nvd.nist.gov/vuln/detail/CVE-2022-24329\n [dev_server]: https://github.com/square/okhttp/blob/482f88300f78c3419b04379fc26c3683c10d6a9d/samples/guide/src/main/java/okhttp3/recipes/kt/DevServer.kt\n [fun_interface]: https://kotlinlang.org/docs/reference/fun-interfaces.html\n [iana_websocket]: https://www.iana.org/assignments/websocket/websocket.txt\n [jetty_8_252]: https://webtide.com/jetty-alpn-java-8u252/\n [kotlin_1_3_71]: https://github.com/JetBrains/kotlin/releases/tag/v1.3.71\n [kotlin_1_4_10]: https://github.com/JetBrains/kotlin/releases/tag/v1.4.10\n [kotlin_1_6_20]: https://github.com/JetBrains/kotlin/releases/tag/v1.6.20\n [kotlin_1_8_21]: https://github.com/JetBrains/kotlin/releases/tag/v1.8.21\n [legacy_interceptor]: https://gist.github.com/swankjesse/80135f4e03629527e723ab3bcf64be0b\n [okhttp4_blog_post]: https://cashapp.github.io/2019-06-26/okhttp-4-goes-kotlin\n [okio.FileSystem]: https://square.github.io/okio/file_system/\n [okio_2_6_0]: https://square.github.io/okio/changelog/#version-260\n [okio_2_7_0]: https://square.github.io/okio/changelog/#version-270\n [okio_3_0_0]: https://square.github.io/okio/changelog/#version-300\n [okio_3_2_0]: https://square.github.io/okio/changelog/#version-320\n [okio_3_6_0]: https://square.github.io/okio/changelog/#version-360\n [public_suffix]: https://publicsuffix.org/\n [rfc_2045]: https://tools.ietf.org/html/rfc2045\n [rfc_7231_647]: https://tools.ietf.org/html/rfc7231#section-6.4.7\n [rfc_7692]: https://tools.ietf.org/html/rfc7692\n [semver]: https://semver.org/\n [upgrading_to_okhttp_4]: https://square.github.io/okhttp/upgrading_to_okhttp_4/\n"
},
{
"path": "docs/changelogs/upgrading_to_okhttp_4.md",
"content": "Upgrading to OkHttp 4\n=====================\n\nOkHttp 4.x upgrades our implementation language from Java to Kotlin and keeps everything else the\nsame. We’ve chosen Kotlin because it gives us powerful new capabilities while integrating closely\nwith Java.\n\nWe spent a lot of time and energy on retaining strict compatibility with OkHttp 3.x. We’re even\nkeeping the package name the same: `okhttp3`!\n\nThere are three kinds of compatibility we’re tracking:\n\n * **Binary compatibility** is the ability to compile a program against OkHttp 3.x, and then to run\n it against OkHttp 4.x. We’re using the excellent [japicmp][japicmp] library via its\n [Gradle plugin][japicmp_gradle] to enforce binary compatibility.\n\n * **Java source compatibility** is the ability to upgrade Java uses of OkHttp 3.x to 4.x without\n changing `.java` files.\n\n * **Kotlin source compatibility** is the ability to upgrade Kotlin uses of OkHttp 3.x to 4.x\n without changing `.kt` files.\n\nWith a few small exceptions (below), OkHttp 4.x is both binary- and Java source-compatible with\nOkHttp 3.x. You can use an OkHttp 4.x .jar file with applications or libraries built for OkHttp 3.x.\n\nOkHttp is **not** source-compatible for Kotlin callers, but upgrading should be automatic thanks to\nKotlin’s powerful deprecation features. Most developers should be able to use IntelliJ’s _Code\nCleanup_ for a safe and fast upgrade.\n\n\nBackwards-Incompatible Changes\n------------------------------\n\n#### OkHttpClient final methods\n\n`OkHttpClient` has 26 accessors like `interceptors()` and `writeTimeoutMillis()` that were non-final\nin OkHttp 3.x and are final in 4.x. These were made non-final for use with mocking frameworks like\n[Mockito][mockito]. We believe subtyping `OkHttpClient` is the wrong way to test with OkHttp. If\nyou must, mock `Call.Factory` which is the interface that `OkHttpClient` implements.\n\n#### Internal API changes\n\nThe `okhttp3.internal` package is not a published API and we change it frequently without warning.\nDepending on code in this package is bad and will cause you problems with any upgrade! But the 4.x\nwill be particularly painful to naughty developers that import from this package! We changed a lot\nto take advantage of sweet Kotlin features.\n\n#### Credentials.basic()\n\nThe username and password parameters to `Credentials.basic()` are now non-null strings. In OkHttp\n3.x, null would yield a username or password of \"null\".\n\n#### HttpUrl.queryParameterValues()\n\nThe return type of `HttpUrl.queryParameterValues()` is `List`. Lists that may contain null\nare uncommon and Kotlin callers may have incorrectly assigned the result to `List`.\n\n\nCode Cleanup\n------------\n\nIntelliJ and Android Studio offer a **Code Cleanup** feature that will automatically update\ndeprecated APIs with their replacements. Access this feature from the _Search Anywhere_ dialog\n(double-press shift) or under the _Analyze_ menu.\n\nWe’ve included deprecated APIs in OkHttp 4.0 because they make migration easy. We will remove them\nin a future release! If you’re skipping releases, it’ll be much easier if you upgrade to OkHttp 4.0\nas an intermediate step.\n\n#### Vars and Vals\n\nJava doesn’t have language support for properties so developers make do with getters and setters.\nKotlin does have properties and we take advantage of them in OkHttp.\n\n * **Address**: certificatePinner, connectionSpecs, dns, hostnameVerifier, protocols, proxy,\n proxyAuthenticator, proxySelector, socketFactory, sslSocketFactory, url\n * **Cache**: directory\n * **CacheControl**: immutable, maxAgeSeconds, maxStaleSeconds, minFreshSeconds, mustRevalidate,\n noCache, noStore, noTransform, onlyIfCached, sMaxAgeSeconds\n * **Challenge**: authParams, charset, realm, scheme\n * **CipherSuite**: javaName\n * **ConnectionSpec**: cipherSuites, supportsTlsExtensions, tlsVersions\n * **Cookie**: domain, expiresAt, hostOnly, httpOnly, name, path, persistent, value\n * **Dispatcher**: executorService\n * **FormBody**: size\n * **Handshake**: cipherSuite, localCertificates, localPrincipal, peerCertificates, peerPrincipal,\n tlsVersion\n * **HandshakeCertificates**: keyManager, trustManager\n * **Headers**: size\n * **HeldCertificate**: certificate, keyPair\n * **HttpLoggingInterceptor**: level\n * **HttpUrl**: encodedFragment, encodedPassword, encodedPath, encodedPathSegments, encodedQuery,\n encodedUsername, fragment, host, password, pathSegments, pathSize, port, query,\n queryParameterNames, querySize, scheme, username\n * **MockResponse**: headers, http2ErrorCode, socketPolicy, status, trailers\n * **MockWebServer**: bodyLimit, port, protocolNegotiationEnabled, protocols, requestCount,\n serverSocketFactory\n * **MultipartBody.Part**: body, headers\n * **MultipartBody.**: boundary, parts, size, type\n * **OkHttpClient**: authenticator, cache, callTimeoutMillis, certificatePinner,\n connectTimeoutMillis, connectionPool, connectionSpecs, cookieJar, dispatcher, dns,\n eventListenerFactory, followRedirects, followSslRedirects, hostnameVerifier, interceptors,\n networkInterceptors, pingIntervalMillis, protocols, proxy, proxyAuthenticator, proxySelector,\n readTimeoutMillis, retryOnConnectionFailure, socketFactory, sslSocketFactory, writeTimeoutMillis\n * **PushPromise**: headers, method, path, response\n * **Request**: body, cacheControl, headers, method, url\n * **Response**: body, cacheControl, cacheResponse, code, handshake, headers, message,\n networkResponse, priorResponse, protocol, receivedResponseAtMillis, request, sentRequestAtMillis\n * **Route**: address, proxy, socketAddress\n * **TlsVersion**: javaName\n\n#### Renamed Functions\n\n* **Headers.of()**: for symmetry with `listOf()`, `setOf()`, etc., we’ve replaced\n `Headers.of(String...)` with `headersOf(vararg String)`.\n\n#### Extension Functions\n\nWe’ve migrated from static functions to extension functions where we think they fit.\n\n| Java | Kotlin |\n| :---------------------------------- | :------------------------------ |\n| Handshake.get(SSLSession) | SSLSession.handshake() |\n| Headers.of(Map) | Map.toHeaders() |\n| HttpUrl.get(String) | String.toHttpUrl() |\n| HttpUrl.get(URI) | URI.toHttpUrlOrNull() |\n| HttpUrl.get(URL) | URL.toHttpUrlOrNull() |\n| HttpUrl.parse(String) | String.toHttpUrlOrNull() |\n| HttpUrl.uri() | HttpUrl.toUri() |\n| HttpUrl.url() | HttpUrl.toUrl() |\n| MediaType.get(String) | String.toMediaType() |\n| MediaType.parse(String) | String.toMediaTypeOrNull() |\n| RequestBody.create(ByteArray) | ByteArray.toRequestBody() |\n| RequestBody.create(ByteString) | ByteString.toRequestBody() |\n| RequestBody.create(File) | File.asRequestBody() |\n| RequestBody.create(String) | String.toRequestBody() |\n| ResponseBody.create(BufferedSource) | BufferedSource.asResponseBody() |\n| ResponseBody.create(ByteArray) | ByteArray.toResponseBody() |\n| ResponseBody.create(ByteString) | ByteString.toResponseBody() |\n| ResponseBody.create(String) | String.toResponseBody() |\n\n\nSAM Conversions\n---------------\n\nWhen you use Java APIs from Kotlin you can operate on Java interfaces as if they were Kotlin\nlambdas. The [feature][java_sams] is available for interfaces that define a Single Abstract Method\n(SAM).\n\nBut when you use Kotlin APIs from Kotlin there’s no automatic conversion. Code that used SAM lambdas\nwith OkHttp 3.x: must use `object :` with OkHttp 4.x:\n\nKotlin calling OkHttp 3.x:\n\n```kotlin\nval client = OkHttpClient.Builder()\n .dns { hostname -> InetAddress.getAllByName(hostname).toList() }\n .build()\n```\n\nKotlin calling OkHttp 4.x:\n\n```kotlin\nval client = OkHttpClient.Builder()\n .dns(object : Dns {\n override fun lookup(hostname: String) =\n InetAddress.getAllByName(hostname).toList()\n })\n .build()\n```\n\nSAM conversion impacts these APIs:\n\n * Authenticator\n * Dispatcher.setIdleCallback(Runnable)\n * Dns\n * EventListener.Factory\n * HttpLoggingInterceptor.Logger\n * LoggingEventListener.Factory\n * OkHttpClient.Builder.hostnameVerifier(HostnameVerifier)\n\nJetBrains [is working on][kotlin_sams] SAM conversions of Kotlin interfaces. Expect it in a future\nrelease of the Kotlin language.\n\n\nCompanion Imports\n-----------------\n\nThe equivalent of static methods in Java is companion object functions in Kotlin. The bytecode is\nthe same but `.kt` files now need `Companion` in the import.\n\nThis works with OkHttp 3.x:\n\n```kotlin\nimport okhttp3.CipherSuite.forJavaName\n```\n\nBut OkHttp 4.x needs a `Companion`:\n\n```kotlin\nimport okhttp3.CipherSuite.Companion.forJavaName\n```\n\nIn the unlikely event that you have a lot of these, run this:\n\n```bash\nsed -i \"\" \\\n 's/^\\(import okhttp3\\.[^.]*\\)\\.\\([a-z][a-zA-Z]*\\)$/\\1.Companion.\\2/g' \\\n `find . -name \"*.kt\"`\n```\n\n\nAdvanced Profiling\n------------------\n\nAndroid Studio’s Advanced Profiling feature rewrites OkHttp bytecode for instrumentation.\nUnfortunately it crashes on OkHttp 4.x’s bytecode. Until [Google’s bug][advanced_profiling_bug] is\nfixed you must disable advanced profiling in Android Studio.\n\n\n\n\nR8 / ProGuard\n-------------\n\nR8 and ProGuard are both code optimizers for `.class` files.\n\nR8 is the [default optimizer][r8] in Android Studio 3.4 and newer. It works well with all\nreleases of OkHttp.\n\nProGuard was the previous default. We’re [tracking problems][proguard_problems] with interactions\nbetween ProGuard, OkHttp 4.x, and Kotlin-originated `.class` files. Make sure you’re on the latest\nrelease if you’re using ProGuard,\n\n\nGradle\n------\n\nOkHttp 4’s minimum requirements are Java 8+ and Android 5+. These requirements were\n[first introduced][require_android_5] with OkHttp 3.13.\n\nHere’s what you need in `build.gradle` to target Java 8 byte code for Kotlin, Java, and Android\nplugins respectively.\n\n```groovy\ncompileKotlin {\n kotlinOptions {\n jvmTarget = \"1.8\"\n }\n}\ncompileTestKotlin {\n kotlinOptions {\n jvmTarget = \"1.8\"\n }\n}\n\ncompileJava {\n sourceCompatibility = JavaVersion.VERSION_1_8\n targetCompatibility = JavaVersion.VERSION_1_8\n}\n\nandroid {\n compileOptions {\n sourceCompatibility JavaVersion.VERSION_1_8\n targetCompatibility JavaVersion.VERSION_1_8\n }\n}\n```\n\n\n [advanced_profiling_bug]: https://issuetracker.google.com/issues/135141615\n [japicmp]: https://github.com/siom79/japicmp\n [japicmp_gradle]: https://github.com/melix/japicmp-gradle-plugin\n [java_sams]: https://kotlinlang.org/docs/reference/java-interop.html#sam-conversions\n [kotlin_sams]: https://youtrack.jetbrains.com/issue/KT-11129\n [mockito]: https://site.mockito.org/\n [proguard_problems]: https://github.com/square/okhttp/issues/5167\n [require_android_5]: https://code.cash.app/okhttp-3-13-requires-android-5\n [r8]: https://developer.android.com/studio/releases#r8-default\n"
},
{
"path": "docs/contribute/code_of_conduct.md",
"content": "Open Source Code of Conduct\n===========================\n\nAt Square, we are committed to contributing to the open source community and simplifying the process\nof releasing and managing open source software. We’ve seen incredible support and enthusiasm from\nthousands of people who have already contributed to our projects — and we want to ensure our community\ncontinues to be truly open for everyone.\n\nThis code of conduct outlines our expectations for participants, as well as steps to reporting\nunacceptable behavior. We are committed to providing a welcoming and inspiring community for all and\nexpect our code of conduct to be honored.\n\nSquare’s open source community strives to:\n\n * **Be open**: We invite anyone to participate in any aspect of our projects. Our community is\n open, and any responsibility can be carried by a contributor who demonstrates the required\n capacity and competence.\n\n * **Be considerate**: People use our work, and we depend on the work of others. Consider users and\n colleagues before taking action. For example, changes to code, infrastructure, policy, and\n documentation may negatively impact others.\n\n * **Be respectful**: We expect people to work together to resolve conflict, assume good intentions,\n and act with empathy. Do not turn disagreements into personal attacks.\n\n * **Be collaborative**: Collaboration reduces redundancy and improves the quality of our work. We\n strive for transparency within our open source community, and we work closely with upstream\n developers and others in the free software community to coordinate our efforts.\n\n * **Be pragmatic**: Questions are encouraged and should be asked early in the process to avoid\n problems later. Be thoughtful and considerate when seeking out the appropriate forum for your\n questions. Those who are asked should be responsive and helpful.\n\n * **Step down considerately**: Members of every project come and go. When somebody leaves or\n disengages from the project, they should make it known and take the proper steps to ensure that\n others can pick up where they left off.\n\nThis code is not exhaustive or complete. It serves to distill our common understanding of a\ncollaborative, shared environment, and goals. We expect it to be followed in spirit as much as in\nthe letter.\n\nDiversity Statement\n-------------------\n\nWe encourage everyone to participate and are committed to building a community for all. Although we\nmay not be able to satisfy everyone, we all agree that everyone is equal.\n\nWhenever a participant has made a mistake, we expect them to take responsibility for it. If someone\nhas been harmed or offended, it is our responsibility to listen carefully and respectfully, and do\nour best to right the wrong.\n\nAlthough this list cannot be exhaustive, we explicitly honor diversity in age, culture, ethnicity,\ngender identity or expression, language, national origin, political beliefs, profession, race,\nreligion, sexual orientation, socioeconomic status, and technical ability. We will not tolerate\ndiscrimination based on any of the protected characteristics above, including participants with\ndisabilities.\n\nReporting Issues\n----------------\n\nIf you experience or witness unacceptable behavior — or have any other concerns — please report it by\nemailing [codeofconduct@squareup.com][codeofconduct_at]. For more details, please see our Reporting\nGuidelines below.\n\nThanks\n------\n\nSome of the ideas and wording for the statements and guidelines above were based on work by the\n[Twitter][twitter_coc], [Ubuntu][ubuntu_coc], [GDC][gdc_coc], and [Django][django_coc] communities.\nWe are thankful for their work.\n\nReporting Guide\n---------------\n\nIf you experience or witness unacceptable behavior — or have any other concerns — please report it by\nemailing [codeofconduct@squareup.com][codeofconduct_at]. All reports will be handled with\ndiscretion.\n\nIn your report please include:\n\n * Your contact information.\n * Names (real, nicknames, or pseudonyms) of any individuals involved. If there are additional\n witnesses, please include them as well.\n * Your account of what occurred, and if you believe the incident is ongoing. If there is a publicly\n available record (e.g. a mailing list archive or a public IRC logger), please include a link.\n * Any additional information that may be helpful.\n\nAfter filing a report, a representative from the Square Code of Conduct committee will contact you\npersonally. The committee will then review the incident, follow up with any additional questions,\nand make a decision as to how to respond.\n\nAnyone asked to stop unacceptable behavior is expected to comply immediately. If an individual\nengages in unacceptable behavior, the Square Code of Conduct committee may take any action they deem\nappropriate, up to and including a permanent ban from all of Square spaces without warning.\n\n\n[codeofconduct_at]: mailto:codeofconduct@squareup.com\n[twitter_coc]: https://github.com/twitter/code-of-conduct/blob/master/code-of-conduct.md\n[ubuntu_coc]: https://ubuntu.com/community/code-of-conduct\n[gdc_coc]: https://www.gdconf.com/code-of-conduct\n[django_coc]: https://www.djangoproject.com/conduct/reporting/\n\n"
},
{
"path": "docs/contribute/concurrency.md",
"content": "Concurrency\n===========\n\nThis document describes the concurrency considerations for http/2 connections and the connection pool within OkHttp.\n\n## HTTP/2 Connections\n\nThe HttpURLConnection API is a blocking API. You make a blocking write to send a request, and a blocking read to receive the response.\n\n#### Blocking APIs\n\nBlocking APIs are convenient because you get top-to-bottom procedural code without indirection. Network calls work like regular method calls: ask for data and it is returned. If the request fails, you get a stacktrace right where the call was made.\n\nBlocking APIs may be inefficient because you hold a thread idle while waiting on the network. Threads are expensive because they have both a memory overhead and a context-switching overhead.\n\n#### Framed protocols\n\nFramed protocols like http/2 don't lend themselves to blocking APIs. Each application-layer thread wants to do blocking I/O for a specific stream, but the streams are multiplexed on the socket. You can't just talk to the socket, you need to cooperate with the other application-layer threads that you're sharing it with.\n\nFraming rules make it impractical to implement http/2 correctly on a single blocking thread. The flow-control features introduce feedback between reads and writes, requiring writes to acknowledge reads and reads to throttle writes.\n\nIn OkHttp we expose a blocking API over a framed protocol. This document explains the code and policy that makes that work.\n\n### Threads\n\n#### Application's calling thread\n\nThe application-layer must block on writing I/O. We can't return from a write until we've pushed its bytes onto the socket. Otherwise, if the write fails we are unable to deliver its IOException to the application. We would have told the application layer that the write succeeded, but it didn't!\n\nThe application-layer can also do blocking reads. If the application asks to read and there's nothing available, we need to hold that thread until either the bytes arrive, the stream is closed, or a timeout elapses. If we get bytes but there's nobody asking for them, we buffer them. We don't consider bytes as delivered for flow control until they're consumed by the application.\n\nConsider an application streaming a video over http/2. Perhaps the user pauses the video and the application stops reading bytes from this stream. The buffer will fill up, and flow control prevents the server from sending more data on this stream. When the user unpauses her video the buffer drains, the read is acknowledged, and the server proceeds to stream data.\n\n#### Shared reader thread\n\nWe can't rely on application threads to read data from the socket. Application threads are transient: sometimes they're reading and writing and sometimes they're off doing application-layer things. But the socket is permanent, and it needs constant attention: we dispatch all incoming frames so the connection is good-to-go when the application layer needs it.\n\nSo we have a dedicated thread for every socket that just reads frames and dispatches them.\n\nThe reader thread must never run application-layer code. Otherwise one slow stream can hold up the entire connection.\n\nSimilarly, the reader thread must never block on writing because this can deadlock the connection. Consider a client and server that both violate this rule. If you get unlucky, they could fill up their TCP buffers (so that writes block) and then use their reader threads to write a frame. Nobody is reading on either end, and the buffers are never drained.\n\n#### Do-stuff-later pool\n\nSometimes there's an action required like calling the application layer or responding to a ping, and the thread discovering the action is not the thread that should do the work. We enqueue a runnable on this executor and it gets handled by one of the executor's threads.\n\n### Locks\n\nWe have 3 different things that we synchronize on.\n\n#### Http2Connection\n\nThis lock guards internal state of each connection. This lock is never held for blocking operations. That means that we acquire the lock, read or write a few fields and release the lock. No I/O and no application-layer callbacks.\n\n#### Http2Stream\n\nThis lock guards the internal state of each stream. As above, it is never held for blocking operations. When we need to hold an application thread to block a read, we use wait/notify on this lock. This works because the lock is released while `wait()` is waiting.\n\n#### Http2Writer\n\nSocket writes are guarded by the Http2Writer. Only one stream can write at a time so that messages are not interleaved. Writes are either made by application-layer threads or the do-stuff-later pool.\n\n### Holding multiple locks\n\nYou're allowed to take the Http2Connection lock while holding the Http2Writer lock. But not vice-versa. Because taking the Http2Writer lock can block.\n\nThis is necessary for bookkeeping when creating new streams. Correct framing requires that stream IDs are sequential on the socket, so we need to bundle assigning the ID with sending the `SYN_STREAM` frame.\n\n## Connection Pool\n\nA primary responsibility for any HTTP client is to efficiently manage network connections. Creating and establishing new connections require a fair amount of overhead and added latency. OkHttp will make every effort to reuse existing connections to avoid this overhead and added latency.\n\nEvery OkHttpClient uses a connection pool. Its job is to maintain a reference to all open connections. When an HTTP request is started, OkHttp will attempt to reuse an existing connection from the pool. If there are no existing connections, a new one is created and put into the connection pool. For HTTP/2, the connection can be reused immediately. For HTTP/1, the request must be completed before it can be reused.\n\nSince HTTP requests frequently happen in parallel, connection pooling must be thread-safe.\n\nThese are the primary classes involved with establishing, sharing, and terminating connections:\n\n * **RealConnectionPool** manages reuse of HTTP and HTTP/2 connections for reduced latency. Every OkHttpClient has one, and its lifetime spans the lifetime of the OkHttpClient.\n\n * **RealConnection** is the socket and streams of an HTTP/1 or HTTP/2 connection. These are created on demand to fulfill HTTP requests. They may be reused for many HTTP request/response exchanges. Their lifetime is typically shorter than a connection pool.\n\n * **Exchange** carries a single HTTP request/response pair.\n\n * **ExchangeFinder** chooses which connection carries each exchange. Where possible it will use the same connection for all exchanges in a single call. It prefers reusing pooled connections over establishing new connections. \n\n#### Per-Connection Locks\n\nEach connection has its own lock. The connections in the pool are all in a `ConcurrentLinkedQueue`. Due to data races, iterators of this queue may return removed connections. Callers must check the connection's `noNewExchanges` property before using connections from the pool.\n\nThe connection lock is never held while doing I/O (even closing a socket) to prevent contention.\n\nA lock-per-connection is used to maximize concurrency.\n"
},
{
"path": "docs/contribute/contributing.md",
"content": "Contributing\n============\n\nKeeping the project small and stable limits our ability to accept new contributors. We are not\nseeking new committers at this time, but some small contributions are welcome.\n\nIf you've found a security problem, please follow our [bug bounty][security] program.\n\nIf you've found a bug, please contribute a failing test case so we can study and fix it.\n\nIf you have a new feature idea, please build it in an external library. There are\n[many libraries][works_with_okhttp] that sit on top or hook in via existing APIs. If you build\nsomething that integrates with OkHttp, tell us so that we can link it!\n\nBefore code can be accepted all contributors must complete our\n[Individual Contributor License Agreement (CLA)][cla].\n\n\nCode Contributions\n------------------\n\nGet working code on a personal branch with tests passing before you submit a PR:\n\n```\n./gradlew clean check\n```\n\nPlease make every effort to follow existing conventions and style in order to keep the code as\nreadable as possible.\n\nContribute code changes through GitHub by forking the repository and sending a pull request. We\nsquash all pull requests on merge.\n\n\nGradle Setup\n------------\n\n```\n$ cat local.properties\nsdk.dir=PATH_TO_ANDROID_HOME/sdk\norg.gradle.caching=true\n```\n\nRunning Android Tests\n---------------------\n\n$ ANDROID_SDK_ROOT=PATH_TO_ANDROID_HOME/sdk ./gradlew :android-test:connectedCheck -PandroidBuild=true\n\nCommitter's Guides\n------------------\n\n * [Concurrency][concurrency]\n * [Debug Logging][debug_logging]\n * [Releasing][releasing]\n\n [cla]: https://spreadsheets.google.com/spreadsheet/viewform?formkey=dDViT2xzUHAwRkI3X3k5Z0lQM091OGc6MQ&ndplr=1\n [concurrency]: https://square.github.io/okhttp/concurrency/\n [debug_logging]: https://square.github.io/okhttp/debug_logging/\n [releasing]: https://square.github.io/okhttp/releasing/\n [security]: https://square.github.io/okhttp/security/\n [works_with_okhttp]: https://square.github.io/okhttp/works_with_okhttp/\n [okhttp_build]: https://github.com/square/okhttp/blob/master/okhttp/build.gradle\n"
},
{
"path": "docs/contribute/debug_logging.md",
"content": "Debug Logging\n=============\n\nOkHttp has internal APIs to enable debug logging. It uses the `java.util.logging` API which can be\ntricky to configure. As a shortcut, you can paste [OkHttpDebugLogging.kt]. Then enable debug logging\nfor whichever features you need:\n\n```\nOkHttpDebugLogging.enableHttp2()\nOkHttpDebugLogging.enableTaskRunner()\n```\n\n### Activating on Android\n\n```\n$ adb shell setprop log.tag.okhttp.Http2 DEBUG\n$ adb shell setprop log.tag.okhttp.TaskRunner DEBUG\n$ adb logcat '*:E' 'okhttp.Http2:D' 'okhttp.TaskRunner:D'\n```\n\n### HTTP/2 Frame Logging\n\nThis logs inbound (`<<`) and outbound (`>>`) frames for HTTP/2 connections.\n\n```\n[2020-01-01 00:00:00] >> CONNECTION 505249202a20485454502f322e300d0a0d0a534d0d0a0d0a\n[2020-01-01 00:00:00] >> 0x00000000 6 SETTINGS\n[2020-01-01 00:00:00] >> 0x00000000 4 WINDOW_UPDATE\n[2020-01-01 00:00:00] >> 0x00000003 47 HEADERS END_STREAM|END_HEADERS\n[2020-01-01 00:00:00] << 0x00000000 6 SETTINGS\n[2020-01-01 00:00:00] << 0x00000000 0 SETTINGS ACK\n[2020-01-01 00:00:00] << 0x00000000 4 WINDOW_UPDATE\n[2020-01-01 00:00:00] >> 0x00000000 0 SETTINGS ACK\n[2020-01-01 00:00:00] << 0x00000003 322 HEADERS END_HEADERS\n[2020-01-01 00:00:00] << 0x00000003 288 DATA\n[2020-01-01 00:00:00] << 0x00000003 0 DATA END_STREAM\n[2020-01-01 00:00:00] << 0x00000000 8 GOAWAY\n[2020-01-01 00:00:05] << 0x00000000 8 GOAWAY\n```\n\n### Task Runner Logging \n\nThis logs task enqueues, starts, and finishes.\n\n```\n[2020-01-01 00:00:00] Q10000 scheduled after 0 µs: OkHttp ConnectionPool\n[2020-01-01 00:00:00] Q10000 starting : OkHttp ConnectionPool\n[2020-01-01 00:00:00] Q10000 run again after 300 s : OkHttp ConnectionPool\n[2020-01-01 00:00:00] Q10000 finished run in 1 ms: OkHttp ConnectionPool\n[2020-01-01 00:00:00] Q10001 scheduled after 0 µs: OkHttp squareup.com applyAndAckSettings\n[2020-01-01 00:00:00] Q10001 starting : OkHttp squareup.com applyAndAckSettings\n[2020-01-01 00:00:00] Q10003 scheduled after 0 µs: OkHttp squareup.com onSettings\n[2020-01-01 00:00:00] Q10003 starting : OkHttp squareup.com onSettings\n[2020-01-01 00:00:00] Q10001 finished run in 3 ms: OkHttp squareup.com applyAndAckSettings\n[2020-01-01 00:00:00] Q10003 finished run in 528 µs: OkHttp squareup.com onSettings\n[2020-01-01 00:00:00] Q10000 scheduled after 0 µs: OkHttp ConnectionPool\n[2020-01-01 00:00:00] Q10000 starting : OkHttp ConnectionPool\n[2020-01-01 00:00:00] Q10000 run again after 300 s : OkHttp ConnectionPool\n[2020-01-01 00:00:00] Q10000 finished run in 739 µs: OkHttp ConnectionPool\n```\n\n[OkHttpDebugLogging.kt]: https://github.com/square/okhttp/blob/master/okhttp-testing-support/src/main/kotlin/okhttp3/OkHttpDebugLogging.kt\n"
},
{
"path": "docs/features/caching.md",
"content": "Caching\n=======\n\nOkHttp implements an optional, off by default, Cache. OkHttp aims for RFC correct and\npragmatic caching behaviour, following common real-world browser like Firefox/Chrome and\nserver behaviour when ambiguous.\n\n# Basic Usage\n\n```kotlin\n private val client: OkHttpClient = OkHttpClient.Builder()\n .cache(Cache(\n directory = File(application.cacheDir, \"http_cache\"),\n // $0.05 worth of phone storage in 2020\n maxSize = 50L * 1024L * 1024L // 50 MiB\n ))\n .build()\n```\n\n## EventListener events\n\nCache Events are exposed via the EventListener API. Typical scenarios are below.\n\n### Cache Hit\n\nIn the ideal scenario the cache can fulfill the request without any conditional call to the network.\nThis will skip the normal events such as DNS, connecting to the network, and downloading the response body.\n\nAs recommended by the HTTP RFC the max age of a document is defaulted to 10% of the\ndocument's age at the time it was served based on \"Last-Modified\". Default expiration dates aren't used for URIs\ncontaining a query.\n\n - CallStart\n - **CacheHit**\n - CallEnd\n\n### Cache Miss\n\nUnder a cache miss the normal request events are seen but an additional event shows the presence of the cache.\nCache Miss will be typical if the item has not been read from the network, is uncacheable, or is past it's\nlifetime based on Response cache headers.\n\n - CallStart\n - **CacheMiss**\n - ProxySelectStart\n - ... Standard Events ...\n - CallEnd\n\n### Conditional Cache Hit\n\nWhen cache flags require checking the cache results are still valid an early cacheConditionalHit event is\nreceived followed by a cache hit or miss. Critically in the cache hit scenario the server won’t send the response body.\n\nThe response will have non-null `cacheResponse` and `networkResponse`. The cacheResponse will be used as the top level\nresponse only if the response code is HTTP/1.1 304 Not Modified.\n\n - CallStart\n - **CacheConditionalHit**\n - ConnectionAcquired\n - ... Standard Events...\n - ResponseBodyEnd _(0 bytes)_\n - **CacheHit**\n - ConnectionReleased\n - CallEnd\n\n## Cache directory\n\nThe cache directory must be exclusively owned by a single instance.\n\nDeleting the cache when it is no longer needed can be done. However this may delete the purpose of the cache\nwhich is designed to persist between app restarts.\n\n```kotlin\ncache.delete()\n```\n\n## Pruning the Cache\n\nPruning the entire Cache to clear space temporarily can be done using evictAll.\n\n```kotlin\ncache.evictAll()\n```\n\nRemoving individual items can be done using the urls iterator.\nThis would be typical after a user initiates a force refresh by a pull to refresh type action.\n\n```java\n val urlIterator = cache.urls()\n while (urlIterator.hasNext()) {\n if (urlIterator.next().startsWith(\"https://www.google.com/\")) {\n urlIterator.remove()\n }\n }\n```\n\n### Troubleshooting\n\n1. Valid cacheable responses are not being cached\n\nMake sure you are reading responses fully as unless they are read fully, cancelled or stalled Responses will not be cached.\n\n### Overriding normal cache behaviour\n\nSee [`Cache`](https://square.github.io/okhttp/5.x/okhttp/okhttp3/-cache/) documentation.\n"
},
{
"path": "docs/features/calls.md",
"content": "# Calls\n\nThe HTTP client’s job is to accept your request and produce its response. This is simple in theory but it gets tricky in practice.\n\n## [Requests](https://square.github.io/okhttp/5.x/okhttp/okhttp3/-request/)\n\nEach HTTP request contains a URL, a method (like `GET` or `POST`), and a list of headers. Requests may also contain a body: a data stream of a specific content type.\n\n## [Responses](https://square.github.io/okhttp/5.x/okhttp/okhttp3/-response/)\n\nThe response answers the request with a code (like 200 for success or 404 for not found), headers, and its own optional body.\n\n## Rewriting Requests\n\nWhen you provide OkHttp with an HTTP request, you’re describing the request at a high-level: _“fetch me this URL with these headers.”_ For correctness and efficiency, OkHttp rewrites your request before transmitting it.\n\nOkHttp may add headers that are absent from the original request, including `Content-Length`, `Transfer-Encoding`, `User-Agent`, `Host`, `Connection`, and `Content-Type`. It will add an `Accept-Encoding` header for transparent response compression unless the header is already present. If you’ve got cookies, OkHttp will add a `Cookie` header with them.\n\nSome requests will have a cached response. When this cached response isn’t fresh, OkHttp can do a _conditional GET_ to download an updated response if it’s newer than what’s cached. This requires headers like `If-Modified-Since` and `If-None-Match` to be added.\n\n## Rewriting Responses\n\nIf transparent compression was used, OkHttp will drop the corresponding response headers `Content-Encoding` and `Content-Length` because they don’t apply to the decompressed response body.\n\nIf a conditional GET was successful, responses from the network and cache are merged as directed by the spec.\n\n## Follow-up Requests\n\nWhen your requested URL has moved, the webserver will return a response code like `302` to indicate the document’s new URL. OkHttp will follow the redirect to retrieve a final response.\n\nIf the response issues an authorization challenge, OkHttp will ask the [`Authenticator`](https://square.github.io/okhttp/5.x/okhttp/okhttp3/-authenticator/) (if one is configured) to satisfy the challenge. If the authenticator supplies a credential, the request is retried with that credential included.\n\n## Retrying Requests\n\nSometimes connections fail: either a pooled connection was stale and disconnected, or the webserver itself couldn’t be reached. OkHttp will retry the request with a different route if one is available.\n\n## [Calls](https://square.github.io/okhttp/5.x/okhttp/okhttp3/-call/)\n\nWith rewrites, redirects, follow-ups and retries, your simple request may yield many requests and responses. OkHttp uses `Call` to model the task of satisfying your request through however many intermediate requests and responses are necessary. Typically this isn’t many! But it’s comforting to know that your code will continue to work if your URLs are redirected or if you failover to an alternate IP address.\n\nCalls are executed in one of two ways:\n\n * **Synchronous:** your thread blocks until the response is readable.\n * **Asynchronous:** you enqueue the request on any thread, and get [called back](https://square.github.io/okhttp/5.x/okhttp/okhttp3/-callback/) on another thread when the response is readable.\n\nCalls can be canceled from any thread. This will fail the call if it hasn’t yet completed! Code that is writing the request body or reading the response body will suffer an `IOException` when its call is canceled.\n\n## Dispatch\n\nFor synchronous calls, you bring your own thread and are responsible for managing how many simultaneous requests you make. Too many simultaneous connections wastes resources; too few harms latency.\n\nFor asynchronous calls, [`Dispatcher`](https://square.github.io/okhttp/5.x/okhttp/okhttp3/-dispatcher/) implements policy for maximum simultaneous requests. You can set maximums per-webserver (default is 5), and overall (default is 64).\n"
},
{
"path": "docs/features/connections.md",
"content": "Connections\n===========\n\nAlthough you provide only the URL, OkHttp plans its connection to your webserver using three types: URL, Address, and Route.\n\n### [URLs](https://square.github.io/okhttp/5.x/okhttp/okhttp3/-http-url/)\n\nURLs (like `https://github.com/square/okhttp`) are fundamental to HTTP and the Internet. In addition to being a universal, decentralized naming scheme for everything on the web, they also specify how to access web resources.\n\nURLs are abstract:\n\n * They specify that the call may be plaintext (`http`) or encrypted (`https`), but not which cryptographic algorithms should be used. Nor do they specify how to verify the peer's certificates (the [HostnameVerifier](https://developer.android.com/reference/javax/net/ssl/HostnameVerifier.html)) or which certificates can be trusted (the [SSLSocketFactory](https://developer.android.com/reference/org/apache/http/conn/ssl/SSLSocketFactory.html)).\n * They don't specify whether a specific proxy server should be used or how to authenticate with that proxy server.\n\nThey're also concrete: each URL identifies a specific path (like `/square/okhttp`) and query (like `?q=sharks&lang=en`). Each webserver hosts many URLs.\n\n### [Addresses](https://square.github.io/okhttp/5.x/okhttp/okhttp3/-address/)\n\nAddresses specify a webserver (like `github.com`) and all of the **static** configuration necessary to connect to that server: the port number, HTTPS settings, and preferred network protocols (like HTTP/2).\n\nURLs that share the same address may also share the same underlying TCP socket connection. Sharing a connection has substantial performance benefits: lower latency, higher throughput (due to [TCP slow start](https://www.igvita.com/2011/10/20/faster-web-vs-tcp-slow-start/)) and conserved battery. OkHttp uses a [ConnectionPool](https://square.github.io/okhttp/5.x/okhttp/okhttp3/-connection-pool/) that automatically reuses HTTP/1.x connections and multiplexes HTTP/2 connections.\n\nIn OkHttp some fields of the address come from the URL (scheme, hostname, port) and the rest come from the [OkHttpClient](https://square.github.io/okhttp/5.x/okhttp/okhttp3/-ok-http-client/).\n\n### [Routes](https://square.github.io/okhttp/5.x/okhttp/okhttp3/-route/)\n\nRoutes supply the **dynamic** information necessary to actually connect to a webserver. This is the specific IP address to attempt (as discovered by a DNS query), the exact proxy server to use (if a [ProxySelector](https://developer.android.com/reference/java/net/ProxySelector.html) is in use), and which version of TLS to negotiate (for HTTPS connections).\n\nThere may be many routes for a single address. For example, a webserver that is hosted in multiple datacenters may yield multiple IP addresses in its DNS response.\n\nIn limited situations OkHttp will retry a route if connecting fails:\n\n * When making an HTTPS connection through an HTTP proxy, the proxy may issue an authentication challenge. OkHttp will call the proxy [authenticator](https://square.github.io/okhttp/5.x/okhttp/okhttp3/-authenticator/) and try again.\n * When making TLS connections with multiple [connection specs](https://square.github.io/okhttp/5.x/okhttp/okhttp3/-connection-spec/), these are attempted in sequence until the TLS handshake succeeds.\n\n### [Connections](https://square.github.io/okhttp/5.x/okhttp/okhttp3/-connection/)\n\nWhen you request a URL with OkHttp, here's what it does:\n\n 1. It uses the URL and configured OkHttpClient to create an **address**. This address specifies how we'll connect to the webserver.\n 2. It attempts to retrieve a connection with that address from the **connection pool**.\n 3. If it doesn't find a connection in the pool, it selects a **route** to attempt. This usually means making a DNS request to get the server's IP addresses. It then selects a TLS version and proxy server if necessary.\n 4. If it's a new route, it connects by building either a direct socket connection, a TLS tunnel (for HTTPS over an HTTP proxy), or a direct TLS connection. It does TLS handshakes as necessary. This step may be retried for tunnel challenges and TLS handshake failures.\n 5. It sends the HTTP request and reads the response.\n\nIf there's a problem with the connection, OkHttp will select another route and try again. This allows OkHttp to recover when a subset of a server's addresses are unreachable. It's also useful when a pooled connection is stale or if the attempted TLS version is unsupported.\n\nOnce the response has been received, the connection will be returned to the pool so it can be reused for a future request. Connections are evicted from the pool after a period of inactivity.\n\n### [Fast Fallback](https://square.github.io/okhttp/5.x/okhttp/okhttp3/-ok-http-client/-builder/fast-fallback)\n\nSince version 5.0, `OkHttpClient` supports fast fallback, which is our implementation of Happy Eyeballs [RFC 6555](https://datatracker.ietf.org/doc/html/rfc6555).\n\nWith fast fallback, OkHttp attempts to connect to multiple web servers concurrently. It keeps whichever route connects first and cancels all of the others. Its rules are:\n\n * Prefer to alternate IP addresses from different address families, (IPv6 / IPv4), starting with IPv6.\n * Don't start a new attempt until 250 ms after the most recent attempt was started.\n * Keep whichever TCP connection succeeds first and cancel all the others.\n * Race TCP only. Only attempt a TLS handshake on the winning TCP connection.\n\nIf the winner of the TCP handshake race fails to succeed in a TLS handshake, the process is restarted with the remaining routes.\n\n"
},
{
"path": "docs/features/events.md",
"content": "Events\n======\n\nEvents allow you to capture metrics on your application’s HTTP calls. Use events to monitor:\n\n * The size and frequency of the HTTP calls your application makes. If you’re making too many calls, or your calls are too large, you should know about it!\n * The performance of these calls on the underlying network. If the network’s performance isn’t sufficient, you need to either improve the network or use less of it.\n\n### EventListener\n\nSubclass [EventListener](https://square.github.io/okhttp/5.x/okhttp/okhttp3/-event-listener/) and override methods for the events you are interested in. In a successful HTTP call with no redirects or retries the sequence of events is described by this flow.\n\n\n\nHere’s a [sample event listener](https://github.com/square/okhttp/blob/master/samples/guide/src/main/java/okhttp3/recipes/PrintEventsNonConcurrent.java) that prints each event with a timestamp.\n\n```java\nclass PrintingEventListener extends EventListener {\n private long callStartNanos;\n\n private void printEvent(String name) {\n long nowNanos = System.nanoTime();\n if (name.equals(\"callStart\")) {\n callStartNanos = nowNanos;\n }\n long elapsedNanos = nowNanos - callStartNanos;\n System.out.printf(\"%.3f %s%n\", elapsedNanos / 1000000000d, name);\n }\n\n @Override public void callStart(Call call) {\n printEvent(\"callStart\");\n }\n\n @Override public void callEnd(Call call) {\n printEvent(\"callEnd\");\n }\n\n @Override public void dnsStart(Call call, String domainName) {\n printEvent(\"dnsStart\");\n }\n\n @Override public void dnsEnd(Call call, String domainName, List inetAddressList) {\n printEvent(\"dnsEnd\");\n }\n\n ...\n}\n```\n\nWe make a couple calls:\n\n```java\nRequest request = new Request.Builder()\n .url(\"https://publicobject.com/helloworld.txt\")\n .build();\n\nSystem.out.println(\"REQUEST 1 (new connection)\");\ntry (Response response = client.newCall(request).execute()) {\n // Consume and discard the response body.\n response.body().source().readByteString();\n}\n\nSystem.out.println(\"REQUEST 2 (pooled connection)\");\ntry (Response response = client.newCall(request).execute()) {\n // Consume and discard the response body.\n response.body().source().readByteString();\n}\n```\n\nAnd the listener prints the corresponding events:\n\n```\nREQUEST 1 (new connection)\n0.000 callStart\n0.010 dnsStart\n0.017 dnsEnd\n0.025 connectStart\n0.117 secureConnectStart\n0.586 secureConnectEnd\n0.586 connectEnd\n0.587 connectionAcquired\n0.588 requestHeadersStart\n0.590 requestHeadersEnd\n0.591 responseHeadersStart\n0.675 responseHeadersEnd\n0.676 responseBodyStart\n0.679 responseBodyEnd\n0.679 connectionReleased\n0.680 callEnd\nREQUEST 2 (pooled connection)\n0.000 callStart\n0.001 connectionAcquired\n0.001 requestHeadersStart\n0.001 requestHeadersEnd\n0.002 responseHeadersStart\n0.082 responseHeadersEnd\n0.082 responseBodyStart\n0.082 responseBodyEnd\n0.083 connectionReleased\n0.083 callEnd\n```\n\nNotice how no connect events are fired for the second call. It reused the connection from the first request for dramatically better performance.\n\n### EventListener.Factory\n\nIn the preceding example we used a field, `callStartNanos`, to track the elapsed time of each event. This is handy, but it won’t work if multiple calls are executing concurrently. To accommodate this, use a `Factory` to create a new `EventListener` instance for each `Call`. This allows each listener to keep call-specific state.\n\nThis [sample factory](https://github.com/square/okhttp/blob/master/samples/guide/src/main/java/okhttp3/recipes/PrintEvents.java) creates a unique ID for each call and uses that ID to differentiate calls in log messages.\n\n```java\nclass PrintingEventListener extends EventListener {\n public static final Factory FACTORY = new Factory() {\n final AtomicLong nextCallId = new AtomicLong(1L);\n\n @Override public EventListener create(Call call) {\n long callId = nextCallId.getAndIncrement();\n System.out.printf(\"%04d %s%n\", callId, call.request().url());\n return new PrintingEventListener(callId, System.nanoTime());\n }\n };\n\n final long callId;\n final long callStartNanos;\n\n public PrintingEventListener(long callId, long callStartNanos) {\n this.callId = callId;\n this.callStartNanos = callStartNanos;\n }\n\n private void printEvent(String name) {\n long elapsedNanos = System.nanoTime() - callStartNanos;\n System.out.printf(\"%04d %.3f %s%n\", callId, elapsedNanos / 1000000000d, name);\n }\n\n @Override public void callStart(Call call) {\n printEvent(\"callStart\");\n }\n\n @Override public void callEnd(Call call) {\n printEvent(\"callEnd\");\n }\n\n ...\n}\n```\n\nWe can use this listener to race a pair of concurrent HTTP requests:\n\n```java\nRequest washingtonPostRequest = new Request.Builder()\n .url(\"https://www.washingtonpost.com/\")\n .build();\nclient.newCall(washingtonPostRequest).enqueue(new Callback() {\n ...\n});\n\nRequest newYorkTimesRequest = new Request.Builder()\n .url(\"https://www.nytimes.com/\")\n .build();\nclient.newCall(newYorkTimesRequest).enqueue(new Callback() {\n ...\n});\n```\n\nRunning this race over home WiFi shows the Times (`0002`) completes just slightly sooner than the Post (`0001`):\n\n```\n0001 https://www.washingtonpost.com/\n0001 0.000 callStart\n0002 https://www.nytimes.com/\n0002 0.000 callStart\n0002 0.010 dnsStart\n0001 0.013 dnsStart\n0001 0.022 dnsEnd\n0002 0.019 dnsEnd\n0001 0.028 connectStart\n0002 0.025 connectStart\n0002 0.072 secureConnectStart\n0001 0.075 secureConnectStart\n0001 0.386 secureConnectEnd\n0002 0.390 secureConnectEnd\n0002 0.400 connectEnd\n0001 0.403 connectEnd\n0002 0.401 connectionAcquired\n0001 0.404 connectionAcquired\n0001 0.406 requestHeadersStart\n0002 0.403 requestHeadersStart\n0001 0.414 requestHeadersEnd\n0002 0.411 requestHeadersEnd\n0002 0.412 responseHeadersStart\n0001 0.415 responseHeadersStart\n0002 0.474 responseHeadersEnd\n0002 0.475 responseBodyStart\n0001 0.554 responseHeadersEnd\n0001 0.555 responseBodyStart\n0002 0.554 responseBodyEnd\n0002 0.554 connectionReleased\n0002 0.554 callEnd\n0001 0.624 responseBodyEnd\n0001 0.624 connectionReleased\n0001 0.624 callEnd\n```\n\nThe `EventListener.Factory` also makes it possible to limit metrics to a subset of calls. This one captures metrics on a random 10%:\n\n```java\nclass MetricsEventListener extends EventListener {\n private static final Factory FACTORY = new Factory() {\n @Override public EventListener create(Call call) {\n if (Math.random() < 0.10) {\n return new MetricsEventListener(call);\n } else {\n return EventListener.NONE;\n }\n }\n };\n\n ...\n}\n```\n\n### Events with Failures\n\nWhen an operation fails, a failure method is called. This is `connectFailed()` for failures while building a connection to the server, and `callFailed()` when the HTTP call fails permanently. When a failure happens it is possible that a `start` event won’t have a corresponding `end` event.\n\n\n\n### Events with Retries and Follow-Ups\n\nOkHttp is resilient and can automatically recover from some connectivity failures. In this case, the `connectFailed()` event is not terminal and not followed by `callFailed()`. Event listeners will receive multiple events of the same type when retries are attempted.\n\nA single HTTP call may require follow-up requests to be made to handle authentication challenges, redirects, and HTTP-layer timeouts. In such cases multiple connections, requests, and responses may be attempted. Follow-ups are another reason a single call may trigger multiple events of the same type.\n\n\n\n### Availability\n\nEvents is available as a public API in OkHttp 3.11. Future releases may introduce new event types; you will need to override the corresponding methods to handle them.\n"
},
{
"path": "docs/features/https.md",
"content": "HTTPS\n=====\n\nOkHttp attempts to balance two competing concerns:\n\n * **Connectivity** to as many hosts as possible. That includes advanced hosts that run the latest versions of [boringssl](https://boringssl.googlesource.com/boringssl/) and less out of date hosts running older versions of [OpenSSL](https://www.openssl.org/).\n * **Security** of the connection. This includes verification of the remote webserver with certificates and the privacy of data exchanged with strong ciphers.\n\nWhen negotiating a connection to an HTTPS server, OkHttp needs to know which [TLS versions](https://square.github.io/okhttp/5.x/okhttp/okhttp3/-tls-version/) and [cipher suites](https://square.github.io/okhttp/5.x/okhttp/okhttp3/-cipher-suite/) to offer. A client that wants to maximize connectivity would include obsolete TLS versions and weak-by-design cipher suites. A strict client that wants to maximize security would be limited to only the latest TLS version and strongest cipher suites.\n\nSpecific security vs. connectivity decisions are implemented by [ConnectionSpec](https://square.github.io/okhttp/5.x/okhttp/okhttp3/-connection-spec/). OkHttp includes four built-in connection specs:\n\n * `RESTRICTED_TLS` is a secure configuration, intended to meet stricter compliance requirements.\n * `MODERN_TLS` is a secure configuration that connects to modern HTTPS servers.\n * `COMPATIBLE_TLS` is a secure configuration that connects to secure–but not current–HTTPS servers.\n * `CLEARTEXT` is an insecure configuration that is used for `http://` URLs.\n\nThese loosely follow the model set in [Google Cloud Policies](https://cloud.google.com/load-balancing/docs/ssl-policies-concepts). We [track changes](../security/tls_configuration_history.md) to this policy.\n\nBy default, OkHttp will attempt a `MODERN_TLS` connection. However by configuring the client connectionSpecs you can allow a fall back to `COMPATIBLE_TLS` connection if the modern configuration fails.\n\n```java\nOkHttpClient client = new OkHttpClient.Builder()\n .connectionSpecs(Arrays.asList(ConnectionSpec.MODERN_TLS, ConnectionSpec.COMPATIBLE_TLS))\n .build();\n```\n\nThe TLS versions and cipher suites in each spec can change with each release. For example, in OkHttp 2.2 we dropped support for SSL 3.0 in response to the [POODLE](https://googleonlinesecurity.blogspot.ca/2014/10/this-poodle-bites-exploiting-ssl-30.html) attack. And in OkHttp 2.3 we dropped support for [RC4](https://en.wikipedia.org/wiki/RC4#Security). As with your desktop web browser, staying up-to-date with OkHttp is the best way to stay secure.\n\nYou can build your own connection spec with a custom set of TLS versions and cipher suites. For example, this configuration is limited to three highly-regarded cipher suites. Its drawback is that it requires Android 5.0+ and a similarly current webserver.\n\n```java\nConnectionSpec spec = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)\n .tlsVersions(TlsVersion.TLS_1_2)\n .cipherSuites(\n CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,\n CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,\n CipherSuite.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256)\n .build();\n\nOkHttpClient client = new OkHttpClient.Builder()\n .connectionSpecs(Collections.singletonList(spec))\n .build();\n```\n\n### Debugging TLS Handshake Failures\n\nThe TLS handshake requires clients and servers to share a common TLS version and cipher suite. This\ndepends on the JVM or Android version, OkHttp version, and web server configuration. If there is no\ncommon cipher suite and TLS version, your call will fail like this:\n\n```\nCaused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x7f2719a89e80:\n Failure in SSL library, usually a protocol error\n error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake\n failure (external/openssl/ssl/s23_clnt.c:770 0x7f2728a53ea0:0x00000000)\n at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)\n```\n\nYou can check a web server's configuration using [Qualys SSL Labs][qualys]. OkHttp's TLS\nconfiguration history is [tracked here](../security/tls_configuration_history.md).\n\nApplications expected to be installed on older Android devices should consider adopting the\n[Google Play Services’ ProviderInstaller][provider_installer]. This will increase security for users\nand increase connectivity with web servers.\n\n### Certificate Pinning ([.kt][CertificatePinningKotlin], [.java][CertificatePinningJava])\n\nBy default, OkHttp trusts the certificate authorities of the host platform. This strategy maximizes connectivity, but it is subject to certificate authority attacks such as the [2011 DigiNotar attack](https://www.computerworld.com/article/2510951/cybercrime-hacking/hackers-spied-on-300-000-iranians-using-fake-google-certificate.html). It also assumes your HTTPS servers’ certificates are signed by a certificate authority.\n\nUse [CertificatePinner](https://square.github.io/okhttp/5.x/okhttp/okhttp3/-certificate-pinner/) to restrict which certificates and certificate authorities are trusted. Certificate pinning increases security, but limits your server team’s abilities to update their TLS certificates. **Do not use certificate pinning without the blessing of your server’s TLS administrator!**\n\n=== \":material-language-kotlin: Kotlin\"\n ```kotlin\n private val client = OkHttpClient.Builder()\n .certificatePinner(\n CertificatePinner.Builder()\n .add(\"publicobject.com\", \"sha256/afwiKY3RxoMmLkuRW1l7QsPZTJPwDS2pdDROQjXw8ig=\")\n .build())\n .build()\n\n fun run() {\n val request = Request.Builder()\n .url(\"https://publicobject.com/robots.txt\")\n .build()\n\n client.newCall(request).execute().use { response ->\n if (!response.isSuccessful) throw IOException(\"Unexpected code $response\")\n\n for (certificate in response.handshake!!.peerCertificates) {\n println(CertificatePinner.pin(certificate))\n }\n }\n }\n ```\n=== \":material-language-java: Java\"\n ```java\n private final OkHttpClient client = new OkHttpClient.Builder()\n .certificatePinner(\n new CertificatePinner.Builder()\n .add(\"publicobject.com\", \"sha256/afwiKY3RxoMmLkuRW1l7QsPZTJPwDS2pdDROQjXw8ig=\")\n .build())\n .build();\n\n public void run() throws Exception {\n Request request = new Request.Builder()\n .url(\"https://publicobject.com/robots.txt\")\n .build();\n\n try (Response response = client.newCall(request).execute()) {\n if (!response.isSuccessful()) throw new IOException(\"Unexpected code \" + response);\n\n for (Certificate certificate : response.handshake().peerCertificates()) {\n System.out.println(CertificatePinner.pin(certificate));\n }\n }\n }\n ```\n\n### Customizing Trusted Certificates ([.kt][CustomTrustKotlin], [.java][CustomTrustJava])\n\nThe full code sample shows how to replace the host platform’s certificate authorities with your own set. As above, **do not use custom certificates without the blessing of your server’s TLS administrator!**\n\n=== \":material-language-kotlin: Kotlin\"\n ```kotlin\n private val client: OkHttpClient\n\n init {\n val trustManager = trustManagerForCertificates(trustedCertificatesInputStream())\n val sslContext = SSLContext.getInstance(\"TLS\")\n sslContext.init(null, arrayOf(trustManager), null)\n val sslSocketFactory = sslContext.socketFactory\n\n client = OkHttpClient.Builder()\n .sslSocketFactory(sslSocketFactory, trustManager)\n .build()\n }\n\n fun run() {\n val request = Request.Builder()\n .url(\"https://publicobject.com/helloworld.txt\")\n .build()\n\n client.newCall(request).execute().use { response ->\n if (!response.isSuccessful) throw IOException(\"Unexpected code $response\")\n\n for ((name, value) in response.headers) {\n println(\"$name: $value\")\n }\n\n println(response.body!!.string())\n }\n }\n\n /**\n * Returns an input stream containing one or more certificate PEM files. This implementation just\n * embeds the PEM files in Java strings; most applications will instead read this from a resource\n * file that gets bundled with the application.\n */\n private fun trustedCertificatesInputStream(): InputStream {\n ... // Full source omitted. See sample.\n }\n\n private fun trustManagerForCertificates(inputStream: InputStream): X509TrustManager {\n ... // Full source omitted. See sample.\n }\n ```\n=== \":material-language-java: Java\"\n ```java\n private final OkHttpClient client;\n\n public CustomTrust() {\n X509TrustManager trustManager;\n SSLSocketFactory sslSocketFactory;\n try {\n trustManager = trustManagerForCertificates(trustedCertificatesInputStream());\n SSLContext sslContext = SSLContext.getInstance(\"TLS\");\n sslContext.init(null, new TrustManager[] { trustManager }, null);\n sslSocketFactory = sslContext.getSocketFactory();\n } catch (GeneralSecurityException e) {\n throw new RuntimeException(e);\n }\n\n client = new OkHttpClient.Builder()\n .sslSocketFactory(sslSocketFactory, trustManager)\n .build();\n }\n\n public void run() throws Exception {\n Request request = new Request.Builder()\n .url(\"https://publicobject.com/helloworld.txt\")\n .build();\n\n Response response = client.newCall(request).execute();\n System.out.println(response.body().string());\n }\n\n private InputStream trustedCertificatesInputStream() {\n ... // Full source omitted. See sample.\n }\n\n public SSLContext sslContextForTrustedCertificates(InputStream in) {\n ... // Full source omitted. See sample.\n }\n ```\n\n [CustomTrustJava]: https://github.com/square/okhttp/blob/master/samples/guide/src/main/java/okhttp3/recipes/CustomTrust.java\n [CustomTrustKotlin]: https://github.com/square/okhttp/blob/master/samples/guide/src/main/java/okhttp3/recipes/kt/CustomTrust.kt\n [CertificatePinningJava]: https://github.com/square/okhttp/blob/master/samples/guide/src/main/java/okhttp3/recipes/CertificatePinning.java\n [CertificatePinningKotlin]: https://github.com/square/okhttp/blob/master/samples/guide/src/main/java/okhttp3/recipes/kt/CertificatePinning.kt\n [provider_installer]: https://developer.android.com/training/articles/security-gms-provider\n [qualys]: https://www.ssllabs.com/ssltest/\n"
},
{
"path": "docs/features/interceptors.md",
"content": "Interceptors\n============\n\nInterceptors are a powerful mechanism that can monitor, rewrite, and retry calls. Here's a simple interceptor that logs the outgoing request and the incoming response.\n\n```java\nclass LoggingInterceptor implements Interceptor {\n @Override public Response intercept(Interceptor.Chain chain) throws IOException {\n Request request = chain.request();\n\n long t1 = System.nanoTime();\n logger.info(String.format(\"Sending request %s on %s%n%s\",\n request.url(), chain.connection(), request.headers()));\n\n Response response = chain.proceed(request);\n\n long t2 = System.nanoTime();\n logger.info(String.format(\"Received response for %s in %.1fms%n%s\",\n response.request().url(), (t2 - t1) / 1e6d, response.headers()));\n\n return response;\n }\n}\n```\n\nA call to `chain.proceed(request)` is a critical part of each interceptor’s implementation. This simple-looking method is where all the HTTP work happens, producing a response to satisfy the request. If `chain.proceed(request)` is being called more than once previous response bodies must be closed.\n\nInterceptors can be chained. Suppose you have both a compressing interceptor and a checksumming interceptor: you'll need to decide whether data is compressed and then checksummed, or checksummed and then compressed. OkHttp uses lists to track interceptors, and interceptors are called in order.\n\n\n\n### Application Interceptors\n\nInterceptors are registered as either _application_ or _network_ interceptors. We'll use the `LoggingInterceptor` defined above to show the difference.\n\nRegister an _application_ interceptor by calling `addInterceptor()` on `OkHttpClient.Builder`:\n\n```java\nOkHttpClient client = new OkHttpClient.Builder()\n .addInterceptor(new LoggingInterceptor())\n .build();\n\nRequest request = new Request.Builder()\n .url(\"http://www.publicobject.com/helloworld.txt\")\n .header(\"User-Agent\", \"OkHttp Example\")\n .build();\n\nResponse response = client.newCall(request).execute();\nresponse.body().close();\n```\n\nThe URL `http://www.publicobject.com/helloworld.txt` redirects to `https://publicobject.com/helloworld.txt`, and OkHttp follows this redirect automatically. Our application interceptor is called **once** and the response returned from `chain.proceed()` has the redirected response:\n\n```\nINFO: Sending request http://www.publicobject.com/helloworld.txt on null\nUser-Agent: OkHttp Example\n\nINFO: Received response for https://publicobject.com/helloworld.txt in 1179.7ms\nServer: nginx/1.4.6 (Ubuntu)\nContent-Type: text/plain\nContent-Length: 1759\nConnection: keep-alive\n```\n\nWe can see that we were redirected because `response.request().url()` is different from `request.url()`. The two log statements log two different URLs.\n\n### Network Interceptors\n\nRegistering a network interceptor is quite similar. Call `addNetworkInterceptor()` instead of `addInterceptor()`:\n\n```java\nOkHttpClient client = new OkHttpClient.Builder()\n .addNetworkInterceptor(new LoggingInterceptor())\n .build();\n\nRequest request = new Request.Builder()\n .url(\"http://www.publicobject.com/helloworld.txt\")\n .header(\"User-Agent\", \"OkHttp Example\")\n .build();\n\nResponse response = client.newCall(request).execute();\nresponse.body().close();\n```\n\nWhen we run this code, the interceptor runs twice. Once for the initial request to `http://www.publicobject.com/helloworld.txt`, and another for the redirect to `https://publicobject.com/helloworld.txt`.\n\n```\nINFO: Sending request http://www.publicobject.com/helloworld.txt on Connection{www.publicobject.com:80, proxy=DIRECT hostAddress=54.187.32.157 cipherSuite=none protocol=http/1.1}\nUser-Agent: OkHttp Example\nHost: www.publicobject.com\nConnection: Keep-Alive\nAccept-Encoding: gzip\n\nINFO: Received response for http://www.publicobject.com/helloworld.txt in 115.6ms\nServer: nginx/1.4.6 (Ubuntu)\nContent-Type: text/html\nContent-Length: 193\nConnection: keep-alive\nLocation: https://publicobject.com/helloworld.txt\n\nINFO: Sending request https://publicobject.com/helloworld.txt on Connection{publicobject.com:443, proxy=DIRECT hostAddress=54.187.32.157 cipherSuite=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA protocol=http/1.1}\nUser-Agent: OkHttp Example\nHost: publicobject.com\nConnection: Keep-Alive\nAccept-Encoding: gzip\n\nINFO: Received response for https://publicobject.com/helloworld.txt in 80.9ms\nServer: nginx/1.4.6 (Ubuntu)\nContent-Type: text/plain\nContent-Length: 1759\nConnection: keep-alive\n```\n\nThe network requests also contain more data, such as the `Accept-Encoding: gzip` header added by OkHttp to advertise support for response compression. The network interceptor's `Chain` has a non-null `Connection` that can be used to interrogate the IP address and TLS configuration that were used to connect to the webserver.\n\n### Choosing between application and network interceptors\n\nEach interceptor chain has relative merits.\n\n**Application interceptors**\n\n * Don't need to worry about intermediate responses like redirects and retries.\n * Are always invoked once, even if the HTTP response is served from the cache.\n * Observe the application's original intent. Unconcerned with OkHttp-injected headers like `If-None-Match`.\n * Permitted to short-circuit and not call `Chain.proceed()`.\n * Permitted to retry and make multiple calls to `Chain.proceed()`.\n * Can adjust Call timeouts using withConnectTimeout, withReadTimeout, withWriteTimeout.\n\n**Network Interceptors**\n\n * Able to operate on intermediate responses like redirects and retries.\n * Not invoked for cached responses that short-circuit the network.\n * Observe the data just as it will be transmitted over the network.\n * Access to the `Connection` that carries the request.\n\n### Rewriting Requests\n\nInterceptors can add, remove, or replace request headers. They can also transform the body of those requests that have one. For example, you can use an application interceptor to add request body compression if you're connecting to a webserver known to support it.\n\n```java\n/** This interceptor compresses the HTTP request body. Many webservers can't handle this! */\nfinal class GzipRequestInterceptor implements Interceptor {\n @Override public Response intercept(Interceptor.Chain chain) throws IOException {\n Request originalRequest = chain.request();\n if (originalRequest.body() == null || originalRequest.header(\"Content-Encoding\") != null) {\n return chain.proceed(originalRequest);\n }\n\n Request compressedRequest = originalRequest.newBuilder()\n .header(\"Content-Encoding\", \"gzip\")\n .method(originalRequest.method(), gzip(originalRequest.body()))\n .build();\n return chain.proceed(compressedRequest);\n }\n\n private RequestBody gzip(final RequestBody body) {\n return new RequestBody() {\n @Override public MediaType contentType() {\n return body.contentType();\n }\n\n @Override public long contentLength() {\n return -1; // We don't know the compressed length in advance!\n }\n\n @Override public void writeTo(BufferedSink sink) throws IOException {\n BufferedSink gzipSink = Okio.buffer(new GzipSink(sink));\n body.writeTo(gzipSink);\n gzipSink.close();\n }\n };\n }\n}\n```\n\n### Rewriting Responses\n\nSymmetrically, interceptors can rewrite response headers and transform the response body. This is generally more dangerous than rewriting request headers because it may violate the webserver's expectations!\n\nIf you're in a tricky situation and prepared to deal with the consequences, rewriting response headers is a powerful way to work around problems. For example, you can fix a server's misconfigured `Cache-Control` response header to enable better response caching:\n\n```java\n/** Dangerous interceptor that rewrites the server's cache-control header. */\nprivate static final Interceptor REWRITE_CACHE_CONTROL_INTERCEPTOR = new Interceptor() {\n @Override public Response intercept(Interceptor.Chain chain) throws IOException {\n Response originalResponse = chain.proceed(chain.request());\n return originalResponse.newBuilder()\n .header(\"Cache-Control\", \"max-age=60\")\n .build();\n }\n};\n```\n\nTypically this approach works best when it complements a corresponding fix on the webserver!\n"
},
{
"path": "docs/features/r8_proguard.md",
"content": "\nR8 / ProGuard\n=============\n\nIf you use OkHttp as a dependency in an Android project which uses R8 as a default compiler you\ndon't have to do anything. The specific rules are [already bundled][okhttp3_pro] into the JAR which can be\ninterpreted by R8 automatically.\n\nIf you, however, don't use R8 you have to apply the rules from [this file][okhttp3_pro]. You might\nalso need rules from [Okio][okio] which is a dependency of this library.\n\n [okhttp3_pro]: https://raw.githubusercontent.com/square/okhttp/master/okhttp/okhttp3.pro\n [okio]: https://square.github.io/okio/\n"
},
{
"path": "docs/recipes.md",
"content": "---\ntitle: Recipes\ndescription: A collection of common/useful code examples for Kotlin and Java\n---\n\n\n# Recipes\n\nWe've written some recipes that demonstrate how to solve common problems with OkHttp. Read through them to learn about how everything works together. Cut-and-paste these examples freely; that's what they're for.\n\n### Synchronous Get ([.kt][SynchronousGetKotlin], [.java][SynchronousGetJava])\n\nDownload a file, print its headers, and print its response body as a string.\n\nThe `string()` method on response body is convenient and efficient for small documents. But if the response body is large (greater than 1 MiB), avoid `string()` because it will load the entire document into memory. In that case, prefer to process the body as a stream.\n\n=== \":material-language-kotlin: Kotlin\"\n ```kotlin\n private val client = OkHttpClient()\n\n fun run() {\n val request = Request.Builder()\n .url(\"https://publicobject.com/helloworld.txt\")\n .build()\n\n client.newCall(request).execute().use { response ->\n if (!response.isSuccessful) throw IOException(\"Unexpected code $response\")\n\n for ((name, value) in response.headers) {\n println(\"$name: $value\")\n }\n\n println(response.body!!.string())\n }\n }\n ```\n=== \":material-language-java: Java\"\n ```java\n private final OkHttpClient client = new OkHttpClient();\n\n public void run() throws Exception {\n Request request = new Request.Builder()\n .url(\"https://publicobject.com/helloworld.txt\")\n .build();\n\n try (Response response = client.newCall(request).execute()) {\n if (!response.isSuccessful()) throw new IOException(\"Unexpected code \" + response);\n\n Headers responseHeaders = response.headers();\n for (int i = 0; i < responseHeaders.size(); i++) {\n System.out.println(responseHeaders.name(i) + \": \" + responseHeaders.value(i));\n }\n\n System.out.println(response.body().string());\n }\n }\n ```\n\n### Asynchronous Get ([.kt][AsynchronousGetKotlin], [.java][AsynchronousGetJava])\n\nDownload a file on a worker thread, and get called back when the response is readable. The callback is made after the response headers are ready. Reading the response body may still block. OkHttp doesn't currently offer asynchronous APIs to receive a response body in parts.\n\n=== \":material-language-kotlin: Kotlin\"\n ```kotlin\n private val client = OkHttpClient()\n\n fun run() {\n val request = Request.Builder()\n .url(\"http://publicobject.com/helloworld.txt\")\n .build()\n\n client.newCall(request).enqueue(object : Callback {\n override fun onFailure(call: Call, e: IOException) {\n e.printStackTrace()\n }\n\n override fun onResponse(call: Call, response: Response) {\n response.use {\n if (!response.isSuccessful) throw IOException(\"Unexpected code $response\")\n\n for ((name, value) in response.headers) {\n println(\"$name: $value\")\n }\n\n println(response.body!!.string())\n }\n }\n })\n }\n ```\n=== \":material-language-java: Java\"\n ```java\n private final OkHttpClient client = new OkHttpClient();\n\n public void run() throws Exception {\n Request request = new Request.Builder()\n .url(\"http://publicobject.com/helloworld.txt\")\n .build();\n\n client.newCall(request).enqueue(new Callback() {\n @Override public void onFailure(Call call, IOException e) {\n e.printStackTrace();\n }\n\n @Override public void onResponse(Call call, Response response) throws IOException {\n try (ResponseBody responseBody = response.body()) {\n if (!response.isSuccessful()) throw new IOException(\"Unexpected code \" + response);\n\n Headers responseHeaders = response.headers();\n for (int i = 0, size = responseHeaders.size(); i < size; i++) {\n System.out.println(responseHeaders.name(i) + \": \" + responseHeaders.value(i));\n }\n\n System.out.println(responseBody.string());\n }\n }\n });\n }\n ```\n\n### Accessing Headers ([.kt][AccessHeadersKotlin], [.java][AccessHeadersJava])\n\nTypically HTTP headers work like a `Map`: each field has one value or none. But some headers permit multiple values, like Guava's [Multimap](https://guava.dev/releases/23.0/api/docs/com/google/common/collect/Multimap.html). For example, it's legal and common for an HTTP response to supply multiple `Vary` headers. OkHttp's APIs attempt to make both cases comfortable.\n\nWhen writing request headers, use `header(name, value)` to set the only occurrence of `name` to `value`. If there are existing values, they will be removed before the new value is added. Use `addHeader(name, value)` to add a header without removing the headers already present.\n\nWhen reading response a header, use `header(name)` to return the _last_ occurrence of the named value. Usually this is also the only occurrence! If no value is present, `header(name)` will return null. To read all of a field's values as a list, use `headers(name)`.\n\nTo visit all headers, use the `Headers` class which supports access by index.\n\n=== \":material-language-kotlin: Kotlin\"\n ```kotlin\n private val client = OkHttpClient()\n\n fun run() {\n val request = Request.Builder()\n .url(\"https://api.github.com/repos/square/okhttp/issues\")\n .header(\"User-Agent\", \"OkHttp Headers.java\")\n .addHeader(\"Accept\", \"application/json; q=0.5\")\n .addHeader(\"Accept\", \"application/vnd.github.v3+json\")\n .build()\n\n client.newCall(request).execute().use { response ->\n if (!response.isSuccessful) throw IOException(\"Unexpected code $response\")\n\n println(\"Server: ${response.header(\"Server\")}\")\n println(\"Date: ${response.header(\"Date\")}\")\n println(\"Vary: ${response.headers(\"Vary\")}\")\n }\n }\n ```\n\n=== \":material-language-java: Java\"\n ```java\n private final OkHttpClient client = new OkHttpClient();\n\n public void run() throws Exception {\n Request request = new Request.Builder()\n .url(\"https://api.github.com/repos/square/okhttp/issues\")\n .header(\"User-Agent\", \"OkHttp Headers.java\")\n .addHeader(\"Accept\", \"application/json; q=0.5\")\n .addHeader(\"Accept\", \"application/vnd.github.v3+json\")\n .build();\n\n try (Response response = client.newCall(request).execute()) {\n if (!response.isSuccessful()) throw new IOException(\"Unexpected code \" + response);\n\n System.out.println(\"Server: \" + response.header(\"Server\"));\n System.out.println(\"Date: \" + response.header(\"Date\"));\n System.out.println(\"Vary: \" + response.headers(\"Vary\"));\n }\n }\n ```\n\n### Posting a String ([.kt][PostStringKotlin], [.java][PostStringJava])\n\nUse an HTTP POST to send a request body to a service. This example posts a markdown document to a web service that renders markdown as HTML. Because the entire request body is in memory simultaneously, avoid posting large (greater than 1 MiB) documents using this API.\n\n=== \":material-language-kotlin: Kotlin\"\n ```kotlin\n private val client = OkHttpClient()\n\n fun run() {\n val postBody = \"\"\"\n |Releases\n |--------\n |\n | * _1.0_ May 6, 2013\n | * _1.1_ June 15, 2013\n | * _1.2_ August 11, 2013\n |\"\"\".trimMargin()\n\n val request = Request.Builder()\n .url(\"https://api.github.com/markdown/raw\")\n .post(postBody.toRequestBody(MEDIA_TYPE_MARKDOWN))\n .build()\n\n client.newCall(request).execute().use { response ->\n if (!response.isSuccessful) throw IOException(\"Unexpected code $response\")\n\n println(response.body!!.string())\n }\n }\n\n companion object {\n val MEDIA_TYPE_MARKDOWN = \"text/x-markdown; charset=utf-8\".toMediaType()\n }\n ```\n=== \":material-language-java: Java\"\n ```java\n public static final MediaType MEDIA_TYPE_MARKDOWN\n = MediaType.parse(\"text/x-markdown; charset=utf-8\");\n\n private final OkHttpClient client = new OkHttpClient();\n\n public void run() throws Exception {\n String postBody = \"\"\n + \"Releases\\n\"\n + \"--------\\n\"\n + \"\\n\"\n + \" * _1.0_ May 6, 2013\\n\"\n + \" * _1.1_ June 15, 2013\\n\"\n + \" * _1.2_ August 11, 2013\\n\";\n\n Request request = new Request.Builder()\n .url(\"https://api.github.com/markdown/raw\")\n .post(RequestBody.create(MEDIA_TYPE_MARKDOWN, postBody))\n .build();\n\n try (Response response = client.newCall(request).execute()) {\n if (!response.isSuccessful()) throw new IOException(\"Unexpected code \" + response);\n\n System.out.println(response.body().string());\n }\n }\n ```\n\n### Post Streaming ([.kt][PostStreamingKotlin], [.java][PostStreamingJava])\n\nHere we `POST` a request body as a stream. The content of this request body is being generated as it's being written. This example streams directly into the [Okio](https://github.com/square/okio) buffered sink. Your programs may prefer an `OutputStream`, which you can get from `BufferedSink.outputStream()`.\n\n=== \":material-language-kotlin: Kotlin\"\n ```kotlin\n private val client = OkHttpClient()\n\n fun run() {\n val requestBody = object : RequestBody() {\n override fun contentType() = MEDIA_TYPE_MARKDOWN\n\n override fun writeTo(sink: BufferedSink) {\n sink.writeUtf8(\"Numbers\\n\")\n sink.writeUtf8(\"-------\\n\")\n for (i in 2..997) {\n sink.writeUtf8(String.format(\" * $i = ${factor(i)}\\n\"))\n }\n }\n\n private fun factor(n: Int): String {\n for (i in 2 until n) {\n val x = n / i\n if (x * i == n) return \"${factor(x)} × $i\"\n }\n return n.toString()\n }\n }\n\n val request = Request.Builder()\n .url(\"https://api.github.com/markdown/raw\")\n .post(requestBody)\n .build()\n\n client.newCall(request).execute().use { response ->\n if (!response.isSuccessful) throw IOException(\"Unexpected code $response\")\n\n println(response.body!!.string())\n }\n }\n\n companion object {\n val MEDIA_TYPE_MARKDOWN = \"text/x-markdown; charset=utf-8\".toMediaType()\n }\n ```\n=== \":material-language-java: Java\"\n ```java\n public static final MediaType MEDIA_TYPE_MARKDOWN\n = MediaType.parse(\"text/x-markdown; charset=utf-8\");\n\n private final OkHttpClient client = new OkHttpClient();\n\n public void run() throws Exception {\n RequestBody requestBody = new RequestBody() {\n @Override public MediaType contentType() {\n return MEDIA_TYPE_MARKDOWN;\n }\n\n @Override public void writeTo(BufferedSink sink) throws IOException {\n sink.writeUtf8(\"Numbers\\n\");\n sink.writeUtf8(\"-------\\n\");\n for (int i = 2; i <= 997; i++) {\n sink.writeUtf8(String.format(\" * %s = %s\\n\", i, factor(i)));\n }\n }\n\n private String factor(int n) {\n for (int i = 2; i < n; i++) {\n int x = n / i;\n if (x * i == n) return factor(x) + \" × \" + i;\n }\n return Integer.toString(n);\n }\n };\n\n Request request = new Request.Builder()\n .url(\"https://api.github.com/markdown/raw\")\n .post(requestBody)\n .build();\n\n try (Response response = client.newCall(request).execute()) {\n if (!response.isSuccessful()) throw new IOException(\"Unexpected code \" + response);\n\n System.out.println(response.body().string());\n }\n }\n ```\n\n### Posting a File ([.kt][PostFileKotlin], [.java][PostFileJava])\n\nIt's easy to use a file as a request body.\n\n=== \":material-language-kotlin: Kotlin\"\n ```kotlin\n private val client = OkHttpClient()\n\n fun run() {\n val file = File(\"README.md\")\n\n val request = Request.Builder()\n .url(\"https://api.github.com/markdown/raw\")\n .post(file.asRequestBody(MEDIA_TYPE_MARKDOWN))\n .build()\n\n client.newCall(request).execute().use { response ->\n if (!response.isSuccessful) throw IOException(\"Unexpected code $response\")\n\n println(response.body!!.string())\n }\n }\n\n companion object {\n val MEDIA_TYPE_MARKDOWN = \"text/x-markdown; charset=utf-8\".toMediaType()\n }\n ```\n=== \":material-language-java: Java\"\n ```java\n public static final MediaType MEDIA_TYPE_MARKDOWN\n = MediaType.parse(\"text/x-markdown; charset=utf-8\");\n\n private final OkHttpClient client = new OkHttpClient();\n\n public void run() throws Exception {\n File file = new File(\"README.md\");\n\n Request request = new Request.Builder()\n .url(\"https://api.github.com/markdown/raw\")\n .post(RequestBody.create(MEDIA_TYPE_MARKDOWN, file))\n .build();\n\n try (Response response = client.newCall(request).execute()) {\n if (!response.isSuccessful()) throw new IOException(\"Unexpected code \" + response);\n\n System.out.println(response.body().string());\n }\n }\n ```\n\n### Posting form parameters ([.kt][PostFormKotlin], [.java][PostFormJava])\n\nUse `FormBody.Builder` to build a request body that works like an HTML `