curl/docs/libcurl/opts/CURLOPT_UNRESTRICTED_AUTH.md

---
c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
SPDX-License-Identifier: curl
Title: CURLOPT_UNRESTRICTED_AUTH
Section: 3
Source: libcurl
See-also:
  - CURLINFO_REDIRECT_COUNT (3)
  - CURLOPT_FOLLOWLOCATION (3)
  - CURLOPT_MAXREDIRS (3)
  - CURLOPT_REDIR_PROTOCOLS_STR (3)
  - CURLOPT_USERPWD (3)
Protocol:
  - HTTP
---

# NAME

CURLOPT_UNRESTRICTED_AUTH - send credentials to other hosts too

# SYNOPSIS

~~~c
#include <curl/curl.h>

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_UNRESTRICTED_AUTH,
                          long goahead);
~~~

# DESCRIPTION

Set the long *gohead* parameter to 1L to make libcurl continue to send
authentication (user+password) credentials when following locations, even when
hostname changed. This option is meaningful only when setting
CURLOPT_FOLLOWLOCATION(3).

Further, when this option is not used or set to **0L**, libcurl does not
send custom nor internally generated Authentication: headers on requests done
to other hosts than the one used for the initial URL.

By default, libcurl only sends credentials and Authentication headers to the
initial hostname as given in the original URL, to avoid leaking username +
password to other sites.

This option should be used with caution: when curl follows redirects it
blindly fetches the next URL as instructed by the server. Setting
CURLOPT_UNRESTRICTED_AUTH(3) to 1L makes curl trust the server and sends
possibly sensitive credentials to any host the server points to, possibly
again and again as the following hosts can keep redirecting to new hosts.

# DEFAULT

0

# EXAMPLE

~~~c
int main(void)
{
  CURL *curl = curl_easy_init();
  if(curl) {
    curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
    curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
    curl_easy_setopt(curl, CURLOPT_UNRESTRICTED_AUTH, 1L);
    curl_easy_perform(curl);
  }
}
~~~

# AVAILABILITY

Along with HTTP

# RETURN VALUE

Returns CURLE_OK if HTTP is supported, and CURLE_UNKNOWN_OPTION if not.
docs: introduce "curldown" for libcurl man page format curldown is this new file format for libcurl man pages. It is markdown inspired with differences: - Each file has a set of leading headers with meta-data - Supports a small subset of markdown - Uses .md file extensions for editors/IDE/GitHub to treat them nicely - Generates man pages very similar to the previous ones - Generates man pages that still convert nicely to HTML on the website - Detects and highlights mentions of curl symbols automatically (when their man page section is specified) tools: - cd2nroff: converts from curldown to nroff man page - nroff2cd: convert an (old) nroff man page to curldown - cdall: convert many nroff pages to curldown versions - cd2cd: verifies and updates a curldown to latest curldown This setup generates .3 versions of all the curldown versions at build time. CI: Since the documentation is now technically markdown in the eyes of many things, the CI runs many more tests and checks on this documentation, including proselint, link checkers and tests that make sure we capitalize the first letter after a period... Closes #12730 2024-01-17 18:32:44 +08:00			`---`
curldown: Fix email address in Copyright The curldown conversion accidentally replaced daniel@haxx.se with just daniel.se. This reverts back to the proper email address in the curldown docs as well as in a few other stray places where it was incorrect (while unrelated to curldown). Reviewed-by: Daniel Stenberg <daniel@haxx.se> Closes: #12997 2024-02-28 18:28:10 +08:00			`c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.`
docs: introduce "curldown" for libcurl man page format curldown is this new file format for libcurl man pages. It is markdown inspired with differences: - Each file has a set of leading headers with meta-data - Supports a small subset of markdown - Uses .md file extensions for editors/IDE/GitHub to treat them nicely - Generates man pages very similar to the previous ones - Generates man pages that still convert nicely to HTML on the website - Detects and highlights mentions of curl symbols automatically (when their man page section is specified) tools: - cd2nroff: converts from curldown to nroff man page - nroff2cd: convert an (old) nroff man page to curldown - cdall: convert many nroff pages to curldown versions - cd2cd: verifies and updates a curldown to latest curldown This setup generates .3 versions of all the curldown versions at build time. CI: Since the documentation is now technically markdown in the eyes of many things, the CI runs many more tests and checks on this documentation, including proselint, link checkers and tests that make sure we capitalize the first letter after a period... Closes #12730 2024-01-17 18:32:44 +08:00			`SPDX-License-Identifier: curl`
			`Title: CURLOPT_UNRESTRICTED_AUTH`
			`Section: 3`
			`Source: libcurl`
			`See-also:`
			`- CURLINFO_REDIRECT_COUNT (3)`
			`- CURLOPT_FOLLOWLOCATION (3)`
			`- CURLOPT_MAXREDIRS (3)`
			`- CURLOPT_REDIR_PROTOCOLS_STR (3)`
			`- CURLOPT_USERPWD (3)`
docs: make each libcurl man specify protocol(s) The mandatory header now has a mandatory list of protocols for which the manpage is relevant. Most man pages already has a "PROTOCOLS" section, but this introduces a stricter way to specify the relevant protocols. cd2nroff verifies that at least one protocol is mentioned (which can be `*`). This information is not used just yet, but A) the PROTOCOLS section can now instead get generated and get a unified wording across all manpages and B) this allows us to more reliably filter/search for protocol specific manpages/options. Closes #13166 2024-03-21 18:50:20 +08:00			`Protocol:`
			`- HTTP`
docs: introduce "curldown" for libcurl man page format curldown is this new file format for libcurl man pages. It is markdown inspired with differences: - Each file has a set of leading headers with meta-data - Supports a small subset of markdown - Uses .md file extensions for editors/IDE/GitHub to treat them nicely - Generates man pages very similar to the previous ones - Generates man pages that still convert nicely to HTML on the website - Detects and highlights mentions of curl symbols automatically (when their man page section is specified) tools: - cd2nroff: converts from curldown to nroff man page - nroff2cd: convert an (old) nroff man page to curldown - cdall: convert many nroff pages to curldown versions - cd2cd: verifies and updates a curldown to latest curldown This setup generates .3 versions of all the curldown versions at build time. CI: Since the documentation is now technically markdown in the eyes of many things, the CI runs many more tests and checks on this documentation, including proselint, link checkers and tests that make sure we capitalize the first letter after a period... Closes #12730 2024-01-17 18:32:44 +08:00			`---`

			`# NAME`

			`CURLOPT_UNRESTRICTED_AUTH - send credentials to other hosts too`

			`# SYNOPSIS`

			`~~~c`
			`#include <curl/curl.h>`

			`CURLcode curl_easy_setopt(CURL *handle, CURLOPT_UNRESTRICTED_AUTH,`
			`long goahead);`
			`~~~`

			`# DESCRIPTION`

			`Set the long gohead parameter to 1L to make libcurl continue to send`
			`authentication (user+password) credentials when following locations, even when`
			`hostname changed. This option is meaningful only when setting`
			`CURLOPT_FOLLOWLOCATION(3).`

			`Further, when this option is not used or set to 0L, libcurl does not`
			`send custom nor internally generated Authentication: headers on requests done`
			`to other hosts than the one used for the initial URL.`

			`By default, libcurl only sends credentials and Authentication headers to the`
GHA: add a job scanning for "bad words" in markdown This means words, phrases or things we have decided not to use - words that are spelled right according to the dictionary but we want to avoid. In the name of consistency and better documentation. Closes #12764 2024-01-23 22:12:09 +08:00			`initial hostname as given in the original URL, to avoid leaking username +`
docs: introduce "curldown" for libcurl man page format curldown is this new file format for libcurl man pages. It is markdown inspired with differences: - Each file has a set of leading headers with meta-data - Supports a small subset of markdown - Uses .md file extensions for editors/IDE/GitHub to treat them nicely - Generates man pages very similar to the previous ones - Generates man pages that still convert nicely to HTML on the website - Detects and highlights mentions of curl symbols automatically (when their man page section is specified) tools: - cd2nroff: converts from curldown to nroff man page - nroff2cd: convert an (old) nroff man page to curldown - cdall: convert many nroff pages to curldown versions - cd2cd: verifies and updates a curldown to latest curldown This setup generates .3 versions of all the curldown versions at build time. CI: Since the documentation is now technically markdown in the eyes of many things, the CI runs many more tests and checks on this documentation, including proselint, link checkers and tests that make sure we capitalize the first letter after a period... Closes #12730 2024-01-17 18:32:44 +08:00			`password to other sites.`

			`This option should be used with caution: when curl follows redirects it`
			`blindly fetches the next URL as instructed by the server. Setting`
GHA: add a job scanning for "bad words" in markdown This means words, phrases or things we have decided not to use - words that are spelled right according to the dictionary but we want to avoid. In the name of consistency and better documentation. Closes #12764 2024-01-23 22:12:09 +08:00			`CURLOPT_UNRESTRICTED_AUTH(3) to 1L makes curl trust the server and sends`
			`possibly sensitive credentials to any host the server points to, possibly`
			`again and again as the following hosts can keep redirecting to new hosts.`
docs: introduce "curldown" for libcurl man page format curldown is this new file format for libcurl man pages. It is markdown inspired with differences: - Each file has a set of leading headers with meta-data - Supports a small subset of markdown - Uses .md file extensions for editors/IDE/GitHub to treat them nicely - Generates man pages very similar to the previous ones - Generates man pages that still convert nicely to HTML on the website - Detects and highlights mentions of curl symbols automatically (when their man page section is specified) tools: - cd2nroff: converts from curldown to nroff man page - nroff2cd: convert an (old) nroff man page to curldown - cdall: convert many nroff pages to curldown versions - cd2cd: verifies and updates a curldown to latest curldown This setup generates .3 versions of all the curldown versions at build time. CI: Since the documentation is now technically markdown in the eyes of many things, the CI runs many more tests and checks on this documentation, including proselint, link checkers and tests that make sure we capitalize the first letter after a period... Closes #12730 2024-01-17 18:32:44 +08:00
			`# DEFAULT`

			`0`

			`# EXAMPLE`

			`~~~c`
			`int main(void)`
			`{`
			`CURL *curl = curl_easy_init();`
			`if(curl) {`
			`curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");`
			`curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);`
			`curl_easy_setopt(curl, CURLOPT_UNRESTRICTED_AUTH, 1L);`
			`curl_easy_perform(curl);`
			`}`
			`}`
			`~~~`

			`# AVAILABILITY`

			`Along with HTTP`

			`# RETURN VALUE`

			`Returns CURLE_OK if HTTP is supported, and CURLE_UNKNOWN_OPTION if not.`