The Browser is one of HagalazOS’s flagship built-in applications. It runs inside a draggable, resizable window like every other app — but its key capability is network access that bypasses normal browser CORS restrictions. This is achieved through libcurl.js, a WebAssembly port of libcurl that routes HTTP traffic through a Wisp WebSocket proxy rather than the browser’s standard fetch stack.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/linuxfandudeguy/HagalazOS/llms.txt
Use this file to discover all available pages before exploring further.
How it opens
Click the Browser icon on the desktop or its button in the taskbar. TheopenWindow() function in script.js fetches the app’s HTML and renders it inside a sandboxed blob iframe:
fallbackUrl can be set in the app descriptor to retrieve the app from a CDN instead.
libcurl.js and the Wisp proxy
Standard browserfetch() enforces CORS — servers must opt-in by returning the right headers before a cross-origin request succeeds. The Browser app works around this by routing requests through a Wisp WebSocket server via libcurl.js.
libcurl.js establishes a persistent WebSocket connection to a Wisp endpoint, then tunnels HTTP requests through it. From the perspective of the destination server, the request comes from the Wisp server’s IP — not from your browser.
The same public Wisp endpoint used by the terminal’s curl command is:
The default Wisp endpoint (
wss://wisp.mercurywork.shop/) is a community-run public service. Uptime is not guaranteed. For reliable deployments, consider self-hosting a Wisp server.Sandboxed iframe context
Like all HagalazOS apps, the Browser runs in a blob iframe. A newBlob URL is created from the app’s HTML each time the window is opened, and the URL is revoked after 60 seconds. The app document is isolated from the host page — it cannot directly access the parent window’s globals.