[GH-ISSUE #4905] [bug]: Agent inconsistent Content-Type header overrides #1850

New issue

Closed

opened 2026-03-16 22:04:56 +03:00 by kerem · 7 comments

kerem commented 2026-03-16 22:04:56 +03:00

Owner

Copy link

Originally created by @qhris on GitHub (Mar 18, 2025).
Original GitHub issue: https://github.com/hoppscotch/hoppscotch/issues/4905

Originally assigned to: @CuriousCorrelation on GitHub.

Is there an existing issue for this?

• I have searched existing issues and this bug hasn't been reported yet

Current behavior

Overriding the Content-Type header in the UI results in the web server receiving multiple Content-Type headers, which is incorrect behavior.

The same behavior happens when using OAuth2 with the agent and clicking "generate token".

Steps to reproduce

Override scenario:

1. Enable the Hoppscotch Agent in settings.
2. Set the body content-type of a request to application/json with some dummy data.
3. Override the Content-Type header (making sure to use capital letters, since the relay adds a duplicate with lowercase).
4. Send the request and observe undefined behavior.

OAuth2 scenario:

1. Enable the Hoppscotch Agent in settings.
2. Configure OAuth2 auhentication for a request (with client_credentials).
3. Click generate token.
4. Observe request headers received in backend
5. In my case, I get a 400 because the backend does not accept multiple Content-Type headers.

Logs and Screenshots

Environment

Production

Hoppscotch Version

Cloud

Interceptor

Agent - Web App

Browsers Affected

Not browser-specific

Operating System

None

Additional Information

I'm observing this behavior with the following:

• Running in cloud on v2025.2.2 using agent 0.1.6.
• Using the self hosted variant on the last commit e2e5d4f1d5.

Additionally, when testing with https://echo.hoppscotch.io it incorrectly reports a single Content-Type header, even though multiple were sent. Testing this against my local C# application and logging the headers I can see that hoppscotch agent sends multiple Content-Type headers, in random order.

I managed to hack together a workaround in the prepare method of relay/src/request.rs by checking if request_headers contains a Content-Type header (case insensitive) and removing the content-type header set in ContentHandler to prefer the header coming from the UI.

Originally created by @qhris on GitHub (Mar 18, 2025). Original GitHub issue: https://github.com/hoppscotch/hoppscotch/issues/4905 Originally assigned to: @CuriousCorrelation on GitHub. ### Is there an existing issue for this? - [x] I have searched existing issues and this bug hasn't been reported yet ### Current behavior Overriding the `Content-Type` header in the UI results in the web server receiving multiple `Content-Type` headers, which is incorrect behavior. The same behavior happens when using OAuth2 with the agent and clicking "generate token". ### Steps to reproduce #### Override scenario: 1. Enable the Hoppscotch Agent in settings. 2. Set the body content-type of a request to `application/json` with some dummy data. 3. Override the `Content-Type` header (making sure to use capital letters, since the relay adds a duplicate with lowercase). 4. Send the request and observe undefined behavior. #### OAuth2 scenario: 1. Enable the Hoppscotch Agent in settings. 2. Configure OAuth2 auhentication for a request (with client_credentials). 3. Click `generate token`. 4. Observe request headers received in backend 5. In my case, I get a 400 because the backend does not accept multiple `Content-Type` headers. ### Logs and Screenshots ```shell ``` ### Environment Production ### Hoppscotch Version Cloud ### Interceptor Agent - Web App ### Browsers Affected Not browser-specific ### Operating System None ### Additional Information I'm observing this behavior with the following: - Running in cloud on `v2025.2.2` using agent `0.1.6`. - Using the self hosted variant on the last commit e2e5d4f1d50c22aa1846e05cbc83abd81949ab2a. Additionally, when testing with `https://echo.hoppscotch.io` it incorrectly reports a single `Content-Type` header, even though multiple were sent. Testing this against my local C# application and logging the headers I can see that hoppscotch agent sends multiple Content-Type headers, in random order. I managed to hack together a workaround in the `prepare` method of `relay/src/request.rs` by checking if `request_headers` contains a `Content-Type` header (case insensitive) and removing the content-type header set in `ContentHandler` to prefer the header coming from the UI.

kerem 2026-03-16 22:04:56 +03:00

• closed this issue
• added the
  bug
  need testing
  labels

kerem commented 2026-03-16 22:05:12 +03:00

Author

Owner

Copy link

@evanqhuang commented on GitHub (Mar 18, 2025):

Also having the same issue. This is a big problem when trying to run requests that need to override the Content-Type header for request body versioning. E.g. Content-Type application/json;v=2

<!-- gh-comment-id:2734192370 --> @evanqhuang commented on GitHub (Mar 18, 2025): Also having the same issue. This is a big problem when trying to run requests that need to override the `Content-Type` header for request body versioning. E.g. `Content-Type application/json;v=2`

kerem commented 2026-03-16 22:05:17 +03:00

Author

Owner

Copy link

@CuriousCorrelation commented on GitHub (Mar 20, 2025):

Hi @qhris, new Hoppscotch release v2025.2.3, agent v0.1.7, and the desktop app v25.2.3 are out. Could you please check if these updates resolved your issue?

<!-- gh-comment-id:2739275444 --> @CuriousCorrelation commented on GitHub (Mar 20, 2025): Hi @qhris, new Hoppscotch release [v2025.2.3](https://github.com/hoppscotch/hoppscotch/releases/tag/2025.2.3), agent [v0.1.7](https://github.com/hoppscotch/agent-releases/releases/tag/v0.1.7), and the desktop app [v25.2.3](https://github.com/hoppscotch/releases/releases/tag/v25.2.3-0) are out. Could you please check if these updates resolved your issue?

kerem commented 2026-03-16 22:05:22 +03:00

Author

Owner

Copy link

@CuriousCorrelation commented on GitHub (Mar 20, 2025):

@evanqhuang Hi, this issue may now be partially resolved, although overrides may not work fully in all situations, if you do see it fixed, let me know, otherwise this will be fully resolved in one of the upcoming releases.

<!-- gh-comment-id:2739282408 --> @CuriousCorrelation commented on GitHub (Mar 20, 2025): @evanqhuang Hi, this issue may now be partially resolved, although overrides may not work fully in all situations, if you do see it fixed, let me know, otherwise this will be fully resolved in one of the upcoming releases.

kerem commented 2026-03-16 22:05:27 +03:00

Author

Owner

Copy link

@qhris commented on GitHub (Mar 20, 2025):

Hey @CuriousCorrelation I can confirm that duplicate headers are no longer sent.
But when overriding the header in the UI with for example application/json;v=2 as mentioned above, approximately 50% of the requests get the incorrect application/json instead of application/json;v=2.

Using the published 0.1.7 agent on hoppscotch cloud v2025.2.3.

Not sure if you want me to create a new issue because it still doesn't really fix the override scenario. Here are the relevant logs from my application:

Resulting logs from my local app after sending 12 consecutive requests without any changes from the UI side (just hitting send a couple of times):

[09:46:47 INF] Request headers: ["[Accept, */*]", "[Host, localhost:5003]", "[Accept-Encoding, deflate, gzip]", "[Content-Type, application/json]", "[Content-Length, 16]"]
[09:46:47 INF] Request headers: ["[Accept, */*]", "[Host, localhost:5003]", "[Accept-Encoding, deflate, gzip]", "[Content-Type, application/json;v=2]", "[Content-Length, 16]"]
[09:46:48 INF] Request headers: ["[Accept, */*]", "[Host, localhost:5003]", "[Accept-Encoding, deflate, gzip]", "[Content-Type, application/json]", "[Content-Length, 16]"]
[09:46:49 INF] Request headers: ["[Accept, */*]", "[Host, localhost:5003]", "[Accept-Encoding, deflate, gzip]", "[Content-Type, application/json;v=2]", "[Content-Length, 16]"]
[09:46:49 INF] Request headers: ["[Accept, */*]", "[Host, localhost:5003]", "[Accept-Encoding, deflate, gzip]", "[Content-Type, application/json]", "[Content-Length, 16]"]
[09:46:49 INF] Request headers: ["[Accept, */*]", "[Host, localhost:5003]", "[Accept-Encoding, deflate, gzip]", "[Content-Type, application/json]", "[Content-Length, 16]"]
[09:46:50 INF] Request headers: ["[Accept, */*]", "[Host, localhost:5003]", "[Accept-Encoding, deflate, gzip]", "[Content-Type, application/json;v=2]", "[Content-Length, 16]"]
[09:46:50 INF] Request headers: ["[Accept, */*]", "[Host, localhost:5003]", "[Accept-Encoding, deflate, gzip]", "[Content-Type, application/json]", "[Content-Length, 16]"]
[09:47:01 INF] Request headers: ["[Accept, */*]", "[Host, localhost:5003]", "[Accept-Encoding, deflate, gzip]", "[Content-Type, application/json;v=2]", "[Content-Length, 16]"]
[09:47:01 INF] Request headers: ["[Accept, */*]", "[Host, localhost:5003]", "[Accept-Encoding, deflate, gzip]", "[Content-Type, application/json]", "[Content-Length, 16]"]
[09:47:02 INF] Request headers: ["[Accept, */*]", "[Host, localhost:5003]", "[Accept-Encoding, deflate, gzip]", "[Content-Type, application/json]", "[Content-Length, 16]"]
[09:47:02 INF] Request headers: ["[Accept, */*]", "[Host, localhost:5003]", "[Accept-Encoding, deflate, gzip]", "[Content-Type, application/json]", "[Content-Length, 16]"]

<!-- gh-comment-id:2739623601 --> @qhris commented on GitHub (Mar 20, 2025): Hey @CuriousCorrelation I can confirm that duplicate headers are no longer sent. But when overriding the header in the UI with for example `application/json;v=2` as mentioned above, approximately 50% of the requests get the incorrect `application/json` instead of `application/json;v=2`. Using the published `0.1.7` agent on hoppscotch cloud `v2025.2.3`. Not sure if you want me to create a new issue because it still doesn't really fix the override scenario. Here are the relevant logs from my application: Resulting logs from my local app after sending 12 consecutive requests without any changes from the UI side (just hitting send a couple of times): ``` [09:46:47 INF] Request headers: ["[Accept, */*]", "[Host, localhost:5003]", "[Accept-Encoding, deflate, gzip]", "[Content-Type, application/json]", "[Content-Length, 16]"] [09:46:47 INF] Request headers: ["[Accept, */*]", "[Host, localhost:5003]", "[Accept-Encoding, deflate, gzip]", "[Content-Type, application/json;v=2]", "[Content-Length, 16]"] [09:46:48 INF] Request headers: ["[Accept, */*]", "[Host, localhost:5003]", "[Accept-Encoding, deflate, gzip]", "[Content-Type, application/json]", "[Content-Length, 16]"] [09:46:49 INF] Request headers: ["[Accept, */*]", "[Host, localhost:5003]", "[Accept-Encoding, deflate, gzip]", "[Content-Type, application/json;v=2]", "[Content-Length, 16]"] [09:46:49 INF] Request headers: ["[Accept, */*]", "[Host, localhost:5003]", "[Accept-Encoding, deflate, gzip]", "[Content-Type, application/json]", "[Content-Length, 16]"] [09:46:49 INF] Request headers: ["[Accept, */*]", "[Host, localhost:5003]", "[Accept-Encoding, deflate, gzip]", "[Content-Type, application/json]", "[Content-Length, 16]"] [09:46:50 INF] Request headers: ["[Accept, */*]", "[Host, localhost:5003]", "[Accept-Encoding, deflate, gzip]", "[Content-Type, application/json;v=2]", "[Content-Length, 16]"] [09:46:50 INF] Request headers: ["[Accept, */*]", "[Host, localhost:5003]", "[Accept-Encoding, deflate, gzip]", "[Content-Type, application/json]", "[Content-Length, 16]"] [09:47:01 INF] Request headers: ["[Accept, */*]", "[Host, localhost:5003]", "[Accept-Encoding, deflate, gzip]", "[Content-Type, application/json;v=2]", "[Content-Length, 16]"] [09:47:01 INF] Request headers: ["[Accept, */*]", "[Host, localhost:5003]", "[Accept-Encoding, deflate, gzip]", "[Content-Type, application/json]", "[Content-Length, 16]"] [09:47:02 INF] Request headers: ["[Accept, */*]", "[Host, localhost:5003]", "[Accept-Encoding, deflate, gzip]", "[Content-Type, application/json]", "[Content-Length, 16]"] [09:47:02 INF] Request headers: ["[Accept, */*]", "[Host, localhost:5003]", "[Accept-Encoding, deflate, gzip]", "[Content-Type, application/json]", "[Content-Length, 16]"] ```

kerem commented 2026-03-16 22:05:32 +03:00

Author

Owner

Copy link

@CuriousCorrelation commented on GitHub (Mar 20, 2025):

@qhris Thanks for confirming the duplicate header issue is resolved.

Regarding header overriding - you're right, this remains an issue. For context - this behavior is an artifact of a planned change to how the request construction was handled by the app at fundamental levels which were delayed due to some priority rearrangements, but rest assured it'll be fixed in the upcoming patch release, which is scheduled very soon.

No need to create a separate issue - since this is related to the original problem, we'll keep this issue open to track both concerns.

<!-- gh-comment-id:2739802247 --> @CuriousCorrelation commented on GitHub (Mar 20, 2025): @qhris Thanks for confirming the duplicate header issue is resolved. Regarding header overriding - you're right, this remains an issue. For context - this behavior is an artifact of a planned change to how the request construction was handled by the app at fundamental levels which were delayed due to some priority rearrangements, but rest assured it'll be fixed in the upcoming patch release, which is scheduled very soon. No need to create a separate issue - since this is related to the original problem, we'll keep this issue open to track both concerns.

kerem commented 2026-03-16 22:05:37 +03:00

Author

Owner

Copy link

@CuriousCorrelation commented on GitHub (Mar 20, 2025):

I've updated the issue title to focus on the remaining bug - the inconsistent Content-Type header overrides, this will help track the next stage of fixing the header handling logic.

<!-- gh-comment-id:2739811367 --> @CuriousCorrelation commented on GitHub (Mar 20, 2025): I've updated the issue title to focus on the remaining bug - the inconsistent Content-Type header overrides, this will help track the next stage of fixing the header handling logic.

kerem commented 2026-03-16 22:05:42 +03:00

Author

Owner

Copy link

@qhris commented on GitHub (Mar 31, 2025):

Hey, this is now fixed in version 2025.3.0, closing this issue.

<!-- gh-comment-id:2766130906 --> @qhris commented on GitHub (Mar 31, 2025): Hey, this is now fixed in version `2025.3.0`, closing this issue.

kerem referenced this issue 2026-03-17 01:07:50 +03:00

[PR #1850] [MERGED] Feature/1842 make body stored on query vars #3524

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

chore/security-fix-2026-4-0

next

fix/mockserver-env-set-url-priority

feat/rest-gql-merge

refactor/workspaces

fix/onboarding-mass-assignment

desktop-settings-phase-0-schema-bridge-shell

patch

test-webhook

pr/johnan319/5745

tembo/optimize-performance-db-queries

add-claude-github-actions-1772782423108

fix/code-scanning-103

fix/mock-server-example-endpoint-match-v2

fix/rate-limit-on-health-route

hotfix/api-doc-collection-deletetion

cd-test

fix/mock-server-backend-followup

chore/code-scanning-52

chore/verion-addition-check

nested-migrations

scripting-system-updates-worker-setup

scripting-system-updates

pr/shipko/4367

ci-test

feat/user-delete-condition

feat/user-workspace-stats-api

chore/collection-export-addition

fix/import-file-size-limit-flow

feat/dashboard-common

feat/sort-environment-alphabetically

feat/infra-config-encryption

refactor/team

feat/collection-duplicationn

feat/secure-cookies-toggle

pr/pavog/4195

pr/pavog/4196

test/patch-demo

feat/native-interceptor-updates

pr/AndrewBastin/4111

feat/user-last-active-on

fix/codemirror-large-text-scroll-bug

fix/precision-lost-beautify

fix/env-diff-test-schema-error

fix/email-case-sensitive

release/2024.3.3

refactor/workspace-login-conversion

feat/node-apline-version-upgrade

feat/seed

release/2024.3.2

fix/sh-email-handlebar-issue

feat/app-experiment-animation

release/2024.3.1

release/2024.3.0

pr/jamesgeorge007/3937

experiment/deploychan

feat/github-enterprise-auth

refactor/collection-search-query

hotfix/infra-config-reset-bug

fix/secret-var-bug

hotfix/full-text-search

hotfix/request-variable-version-syncing

feat/request-variable

feat/server-config-additional-properties

pr/JoelJacobStephen/3845

release/2023.12.6

fix/safari-codemirror-perf-bug

release/2023.12.5

release/2023.12.4

fix/secret-env-bugs-tooltip

release/2023.12.3

fix/shared-request-bug

fix/disable-context-menu-option

release/2023.12.2

release/2023.12.1

fix/shared-request-bugs

release/2023.12.0

fix/gql-history-schema

fix/actions-not-working-without-sidebar

pr/jamesgeorge007/3665

chore/desktop-app-corrections

fix/auth-headers-in-coll

fix/embed-url

improve/placeholder

add-realtime-logos

feat/shared-request-embeds

feat/collection-headers

revamp/header

release/2023.8.4

refactor/interceptor-error-display

feat/subpath-based-access

release/2023.8.3

feat/shared-requests

feat/desktop

fix/nodemailer-templates-issue

feature/upgrade-graphql-ws

fix/graphql-crashing

fix/set-environments-when-no-env-selected

refactor/pre-prisma-bump-setup

release/2023.8.2

pr/danitherex/3216

perf/raw-db-query

release/2023.8.1

revert-3348-perf/reduce-backend-calls

fix/incorrect-tab-count-close-all-tab

fix/duplicate-tab-bug

release/2023.8.0

hotfix/fetch-shortcode

fix/tab-right-click-rename-bug

chore/docker-fixes

pr/JoelJacobStephen/3178

feat/fe-accessible-auth-provider-env

feat-cherry-pick/conditional-auth-select

feat/conditional-auth-select

release/2023.4.8

fix/generate-sitemap-issue

test/backend-test-case

refactor/team-invitation

pr/AndrewBastin/3171

release/2023.4.7

fix/duplicate-team-invite

fix/unified-bg-color-coll-tree

fix/shortcode-screen-stuck

release/2023.4.6

revert-3117-patch-3

fix/env-selector-bg

fix/db-url

release/2023.4.4

fix/sync-popup-bug

fix/team-env-set-test

chore/wss-to-ws-on-env

fix/prettify-xml-response

feat/db-volume-addition

feat/env-selector-tabs-ui

bug/broken-env

release/2023.4.2

fix/switch-workspace-env-bug

fix/magic-link

fix/cookie-handler

HPS-OSS-1

staging

revert/auth-issue

feat/export-env

refactor/commons

reference/path-variables

orphan-pr/2243

feat/realtime-search

fix/save-override

refactor/strategies

feat/embeds

bug/withDefaults

feat/show-keys

refactor/toast

2026.3.1

2026.3.0

2026.2.1

2026.2.0

2026.1.1

2026.1.0

2025.12.1

2025.12.0

2025.11.2

2025.11.1

2025.11.0

2025.10.1

2025.10.0

2025.9.2

2025.9.1

2025.9.0

2025.8.1

2025.8.0

2025.7.1

2025.7.0

2025.6.1

2025.6.0

2025.5.4

2025.5.3

2025.5.2

2025.5.1

2025.5.0

2025.4.2

2025.4.1

2025.4.0

2025.3.2

2025.3.1

2025.3.0

2025.2.3

2025.2.2

2025.2.1

2025.2.0

2025.1.1

2025.1.0

2024.12.2

2024.12.1

2024.12.0

2024.11.0

2024.10.2

2024.10.1

2024.10.0

2024.9.3

2024.9.2

2024.9.1

2024.9.0

2024.8.3

2024.8.2

2024.8.1

2024.8.0

2024.7.2

2024.7.1

2024.7.0

2024.6.1

2024.6.0

2024.3.4

2024.3.3

2024.3.2

2024.3.1

2024.3.0

2023.12.6

2023.12.5

2023.12.4

2023.12.3

2023.12.2

2023.12.1

2023.12.0

2023.8.4

2023.8.3

2023.8.2

2023.8.1

2023.8.0

2023.4.8

2023.4.7

2023.4.6

2023.4.5

2023.4.4

2023.4.3

2023.4.2

2023.4.1

2023.4.0

v3.0.1

v3.0.0

v2.2.1

v2.2.0

v2.1.0

v2.0.0

v1.12.0

v1.10.0

v1.9.9

v1.9.7

v1.9.5

v1.9.0

v1.8.0

v1.5.0

v1.0.0

v0.1.0

Labels

Clear labels   

CodeDay

  

a11y

  

browser limited

  

bug

  

bug fix

  

cli

  

core

  

critical

  

design

  

desktop

  

discussion

  

docker

  

documentation

  

duplicate

  

enterprise

  

feature

  

feature

  

fosshack

  

future

  

good first issue

  

hacktoberfest

  

help wanted

  

i18n

  

invalid

  

major

  

minor

  

need information

  

need testing

  

not applicable to hoppscotch

  

not reproducible

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

refactor

  

resolved

  

sandbox

  

self-host

  

spam

  

stale

  

testmu

  

wip

  

wont fix

No labels

CodeDay

a11y

browser limited

bug

bug fix

cli

core

critical

design

desktop

discussion

docker

documentation

duplicate

enterprise

feature

feature

fosshack

future

good first issue

hacktoberfest

help wanted

i18n

invalid

major

minor

need information

need testing

not applicable to hoppscotch

not reproducible

pull-request

question

refactor

resolved

sandbox

self-host

spam

stale

testmu

wip

wont fix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/hoppscotch#1850

No description provided.