mirror/curl
2
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2025-01-12 13:55:11 +08:00
Code Issues Packages Projects Releases Wiki Activity
4c12892411
curl/docs/libcurl/opts/CURLOPT_UNRESTRICTED_AUTH.md
Daniel Stenberg 5a488251f7
curldown: fixups 
- make DEFAULT sections less repetitive

- make historic mentions use HISTORY

- generate the protocols section on `# %PROTOCOLS%` instead of guessing
  where to put it

- generate the availability section on `# %AVAILABILITY%` instead of
  guessing where to put it

- make the protocols section more verbose

Closes #14227
2024-07-19 17:03:25 +02:00

2.0 KiB
Raw Blame History

c SPDX-License-Identifier Title Section Source See-also Protocol Added-in
Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. curl CURLOPT_UNRESTRICTED_AUTH 3 libcurl
CURLINFO_REDIRECT_COUNT (3)
CURLOPT_FOLLOWLOCATION (3)
CURLOPT_MAXREDIRS (3)
CURLOPT_REDIR_PROTOCOLS_STR (3)
CURLOPT_USERPWD (3)
HTTP
7.10.4

NAME

CURLOPT_UNRESTRICTED_AUTH - send credentials to other hosts too

SYNOPSIS

#include <curl/curl.h>

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_UNRESTRICTED_AUTH,
                          long goahead);

DESCRIPTION

Set the long gohead parameter to 1L to make libcurl continue to send authentication (user+password) credentials when following locations, even when hostname changed. This option is meaningful only when setting CURLOPT_FOLLOWLOCATION(3).

Further, when this option is not used or set to 0L, libcurl does not send custom nor internally generated Authentication: headers on requests done to other hosts than the one used for the initial URL.

By default, libcurl only sends credentials and Authentication headers to the initial hostname as given in the original URL, to avoid leaking username + password to other sites.

This option should be used with caution: when curl follows redirects it blindly fetches the next URL as instructed by the server. Setting CURLOPT_UNRESTRICTED_AUTH(3) to 1L makes curl trust the server and sends possibly sensitive credentials to any host the server points to, possibly again and again as the following hosts can keep redirecting to new hosts.

DEFAULT

0

%PROTOCOLS%

EXAMPLE

int main(void)
{
  CURL *curl = curl_easy_init();
  if(curl) {
    curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
    curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
    curl_easy_setopt(curl, CURLOPT_UNRESTRICTED_AUTH, 1L);
    curl_easy_perform(curl);
  }
}

%AVAILABILITY%

RETURN VALUE

Returns CURLE_OK if HTTP is supported, and CURLE_UNKNOWN_OPTION if not.