[bug]: Firecamp send an "HTTPS" request even if the URL starts with "HTTP://

[om3rcitak]

Describe the bug
Firecamp is trying to send an "HTTPS" request even if the URL starts with "HTTP://".

To Reproduce

1. Paste any URL which starts with "http://" into URL input
2. Click the "send" button

Expected behavior
Send a HTTP request if the URL starts with "http://"

Screenshots

Desktop:

• OS: Windows 11
• Browser: Chrome
• Version: 127.0.6533.120 (Official Build) (64-bit)

[Its-kushal]

Hello, @om3rcitak

I would like to work on this bug.

Please assign me this issue. I will fix this as soon as possible.

[machimozor]

Hey can you assigne this issue ?

[mdotwills]

Yep, noticed this bug too and came here to check the issues

[mdotwills]

So had a quick look into this. For me, when using firecamp in the browser, the Content Security Policy upgrade-insecure-requests directive seems to be the offending party here (doing what it's supposed to do!)

firecamp/templates/index.html

Lines 40 to 43 in abfc292

	<meta
	http-equiv="Content-Security-Policy"
	content="upgrade-insecure-requests"
	/>

I think the original commit author was under an incorrect assumption that adding this directive would allow http requests, judging from this commit message.

From MDN

The HTTP Content-Security-Policy (CSP) upgrade-insecure-requests directive instructs user agents to treat all of a site's insecure URLs (those served over HTTP) as though they have been replaced with secure URLs (those served over HTTPS).

Removing this line from the template file allowed me to make requests locally via http successfully. This is something I would expect an API workbench like firecamp to be able to do. Might pull together a PR but it would require some input about toggling the CSP features on/off as there may be other security tradeoffs involved.