Originally published at https://httptoolkit.tech.

Certificate infrastructure is built on trust. If you trust the wrong thing, it all falls down. Unfortunately, we developers do it all the time anyway. YOLO.

A remarkable number of dev tools & practices encourage or require you to globally trust a certificate authority (CA) that they provide or generate locally. If you do so these, anybody with access to the key for that CA can rewrite any HTTPS traffic between you and anything, and take almost complete control of your internet traffic.

We don’t need to do this. These tools could easily work without globally…


Debug all HTTP(S) sent by git, npm, apt-get, or anything else

The command line is powerful, but can be hard to understand, and extremely hard to debug. Ever run a command, see it fail with a cryptic error, and have no idea why?

Better tools can help you understand what’s really going on. They can let you see inside the command you’re running to understand how it’s communicating, see what data it’s working with, and debug it in depth.

Excitingly I’ve just shipped one-click terminal interception to do exactly this with HTTP Toolkit, for HTTP and HTTPS, to show you…


HTTP View is a beautiful, free & open-source HTTP inspector. This is the first release of HTTP Toolkit, and lets you intercept HTTP or HTTPS traffic with one click, explore & examine that traffic up close, and discover exactly what your code (or anybody else’s) is sending.

Want to dive right in? Download it now.

HTTP Toolkit is a project that I’ve been working on for a while, to build an open-source suite of tools for HTTP development. …


Federate your content just one more step, all by yourself, and making jumping ship a little less scary.

Mastodon has been quietly building popularity for a good few months now, but over the past 48 hours it’s really burst to life, leaping from 25,000 to 40,000+ users in no time at all.

This is an exciting good thing: we’ve been in desperate need of less centralized and walled social networks for a good long time now.

Moving on from Twitter though isn’t easy, as many of us have been there many years, and dumping all your friends there is a high price to pay. What you need, is a way to sync between them, so you can start…


Because sometimes you want to know if they actually work.

Bash scripts are unloved and underappreciated. Many of us developers spend a lot of time on the command line, and a good shell script is an incredibly powerful thing to drop into & extend your existing workflow.

Shell scripting isn’t easy though. Many of the tools and techniques you might be used to aren’t nearly as effective or well-used on the command line. Testing is a good example: in most languages, there’s a clearly agreed basic approach to testing, and most projects have at least a few tests sprinkled around (though often not as many as they’d like).

In shell…


CSS-only tabs are a fun topic, and :target is a delightfully elegant declarative approach, except for the bit where it doesn’t work. The #hash links involved jump you around the page by default, and disabling that jumping breaks :target in your CSS, due to poorly defined behaviour in the spec, and corresponding bugs in every browser.

Or so we thought. Turns out there is a way to make this work almost perfectly, despite these bugs, and get perfect CSS-only accessible linkable history-tracking tabs for free.

What? Let’s back up.

What’s :target?

:target is a CSS psuedo-class that matches an element if its…


Part 2: How to use client-side libraries like Leaflet, in Node.

As discussed in Part One: Why?, it’d be really useful to be able to take an interesting UI component like a map, and pre-render it on the server as a web component, using Server Components.

We don’t want to do the hard mapping ourselves though. Really, we’d like this to be just as easy as building a client-side UI component. We’d like to use a shiny mapping library, like Leaflet, to give us all the core functionality right out of the box. Unfortunately though, Leaflet doesn’t run server-side.

This article’s going to focus on fixing that so you can use…


Get easy confidence on exactly what you’re committing.

Git Confirm is a git hook, which asks you to confirm when you commit a change that includes additions from a (configurable) list of risky matches. Think ‘TODO’, ‘FIXME’, ‘@Ignore’, ‘describe.skip/it.skip’ and ‘describe.only/it.only’. You can drop Git Confirm in, and effortlessly stop yourself ever committing anything like this by accident.

TODO is the easiest example. It’s really useful to sprinkle TODO comments in your code as you work, to mark things that will need fixing in future, and jot down notes as you work. It’s really terrible to end up with a codebase riddled with them though. …


You’ve written an application deployed using Dokku, and you’ve got it all up and running and great. You’ve heard a lot about why HTTPS is important nowadays, especially the SEO and performance benefits, and you’d like to add all that, with minimal cost and hassle. Let’s get right on that.

Let’s Encrypt is a new certificate authority (an organisation that issues the certificates you need to host an HTTPS site), which provides certificates to sites entirely for free, by totally automating the system, to help get 100% of the web onto HTTPS. Sounds great, right?

To set up this up…


Part 1: Why do we need better maps?

Maps are a standard tool in our web UI toolkit; they’re an easy way to link our applications to the real world they (hopefully) involve. At the same time though, maps aren’t as easy to include in your web site as you might want, and certainly don’t feel like a native part of the web.

Critically, unlike many other UI components, you normally can’t just serve up a map with plain HTML. You can easily serve up HTML with a videos embedded, or complex forms, or intricate SVG images and animations, or MathML, but maps don’t quite make the cut…

Tim Perry

Creator of HTTP Toolkit

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store