docs: add description of effect of --location-trusted on cookie

Closes #14471
XYenon 2024-08-09 17:30:40 +08:00 committed by Daniel Stenberg
parent 88727f7ed0
commit 5fcf96930e
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
3 changed files with 15 additions and 9 deletions


@ -2,7 +2,7 @@
c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
SPDX-License-Identifier: curl
Long: location-trusted
Help: As --location, but send auth to other hosts
Help: As --location, but send secrets to other hosts
Protocols: HTTP
Category: http auth
Added: 7.10.4
@ -11,11 +11,16 @@ See-also:
- user
Example:
- --location-trusted -u user:password $URL
- --location-trusted -H "Cookie: session=abc" $URL
---
# `--location-trusted`
Like --location, but allows sending the name + password to all hosts that the
site may redirect to. This may or may not introduce a security breach if the
site redirects you to a site to which you send your authentication info (which
is clear-text in the case of HTTP Basic authentication).
Instructs curl to like --location follow HTTP redirects, but permits it to
send credentials and other secrets along to other hosts than the initial one.
This may or may not introduce a security breach if the site redirects you to a
site to which you send this sensitive data to. Another host means that one or
more of hostname, protocol scheme or port number changed.
This option also allows curl to pass long cookies set explicitly with --header.
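Review bot: The last added line reads "pass long cookies", which should be "pass along cookies"; as written it appears to be about cookie length. In the same new paragraph, "Instructs curl to like --location follow HTTP redirects" is hard to parse and "a site to which you send this sensitive data to" doubles the preposition; suggest "Instructs curl to follow HTTP redirects like --location does, but permits it to send ..." and dropping the trailing "to". The paragraph promises "credentials and other secrets" while the closing sentence names only cookies set with --header, so consider listing exactly what is forwarded, so that a user can judge the exposure before enabling the option.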


@ -22,9 +22,10 @@ location (indicated with a Location: header and a 3XX response code), this
option makes curl redo the request on the new place. If used together with
--show-headers or --head, headers from all requested pages are shown.
When authentication is used, curl only sends its credentials to the initial
host. If a redirect takes curl to a different host, it does not get the
user+password pass on. See also --location-trusted on how to change this.
When authentication is used, or send cookie with `-H Cookie:`, curl only sends
its credentials to the initial host. If a redirect takes curl to a different
host, it does not get the credentials pass on. See also--location-trusted on
how to change this.
Limit the amount of redirects to follow by using the --max-redirs option.
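Review bot: In the rewritten paragraph, "or send cookie with `-H Cookie:`" has no subject, "See also--location-trusted" is missing a space, and "does not get the credentials pass on" should read "passed on". The sentence also still says curl "only sends its credentials to the initial host" although it now covers cookies too; suggest something like "When authentication is used, or a cookie is sent with `-H Cookie:`, curl only sends these to the initial host", which makes clear that the cookie header is also withheld on a redirect to a different host.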


@ -357,7 +357,7 @@ const struct helptxt helptext[] = {
"Follow redirects",
CURLHELP_HTTP},
{" --location-trusted",
"As --location, but send auth to other hosts",
"As --location, but send secrets to other hosts",
CURLHELP_HTTP | CURLHELP_AUTH},
{" --login-options <options>",
"Server login options",