# Desktop `net::ERR_INVALID_ARGUMENT` — OAuth Content-Length Bug

## The Bug

Hermes Desktop fails with `error invoking remote method hermes:api: Error: net::ERR_INVALID_ARGUMENT` when trying to perform JSON-body mutations (config saves, session archives, model switches). GET requests, OAuth login, and chat work fine.

**Root cause:** The Desktop's OAuth REST bridge (`fetchJsonViaOauthSession` in `apps/desktop/electron/main.cjs`) uses Electron's `net.request` to attach the HttpOnly OAuth session cookie. It manually sets `Content-Length`, which Electron's `ClientRequest` rejects as a restricted app-set header. Every JSON-body mutation (`PUT /api/config`, `PATCH /api/sessions/:id`) fails before reaching the network.

## The Fix

Merged in PR #40209 (Jun 6, 2026) by @teknium1, salvaged from #40055 by @helix4u.

Changes:
- `apps/desktop/electron/main.cjs` — stop setting restricted `Content-Length`; let Chromium frame the body
- `apps/desktop/electron/oauth-net-request.cjs` — added `serializeJsonBody` and `setJsonRequestHeaders` helpers
- `apps/desktop/electron/oauth-net-request.test.cjs` — regression coverage

**Fix on the client machine:**
```bash
hermes update
```
Then restart Hermes Desktop.

## Scope

Only the Electron `net.request` path is affected. Other `Content-Length` sites (`fetchJson`, `fetchPublicJson`) use Node `http`/`https`, where the header is required and NOT restricted.

## References

- PR #40209: https://github.com/NousResearch/hermes-agent/pull/40209
- Original: PR #40055 by @helix4u
- Related: PR #40174 (alternative in-progress approach)
- Issue #40215 (area/config, type/bug)
