from small one page howto to huge articles all in one place

search text in:




Other .linuxhowtos.org sites:gentoo.linuxhowtos.org



Last additions:
using iotop to find disk usage hogs

using iotop to find disk usage hogs

words:

887

views:

210209

userrating:

May 25th. 2007:
Words

486

Views

259175

why adblockers are bad

Workaround and fixes for the current Core Dump Handling vulnerability affected kernels

Workaround and fixes for the current Core Dump Handling vulnerability affected kernels

words:

161

views:

150544

userrating:

April, 26th. 2006:
Words

38

Views

107899

New subdomain: toolsntoys.linuxhowtos.org

Druckversion
You are here: manpages





CURLOPT_UNRESTRICTED_AUTH

Section: C Library Functions (3)
Updated: 202-0-19
Index Return to Main Contents
 

NAME

CURLOPT_UNRESTRICTED_AUTH - send credentials to other hosts too  

SYNOPSIS

#include <curl/curl.h>

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_UNRESTRICTED_AUTH,
                          long goahead);
 

DESCRIPTION

Set the long gohead parameter to 1L to make libcurl continue to send authentication (user+password) credentials or explicitly set cookie headers when following locations, even when the host changes. This option is meaningful only when setting CURLOPT_FOLLOWLOCATION(3).

Further, when this option is not used or set to 0L, libcurl does not send custom nor internally generated Authentication: or Cookie: headers on requests done to other hosts than the one used for the initial URL. Another host means that one or more of hostname, protocol scheme or port number changed.

By default, libcurl only sends Authentication: or explicitly set Cookie: headers to the initial host as given in the original URL, to avoid leaking username + password to other sites.

This option should be used with caution: when curl follows redirects it blindly fetches the next URL as instructed by the server. Setting CURLOPT_UNRESTRICTED_AUTH(3) to 1L makes curl trust the server and sends possibly sensitive credentials to any host the server points to, possibly again and again as the following hosts can keep redirecting to new hosts.

Due to the way HTTP works, almost any header can be made to contain data a client may not want to pass on to other servers than the initially intended host and for all other headers than the two mentioned above, there is no protection from this happening when libcurl is told to follow redirects.  

DEFAULT

0  

PROTOCOLS

This functionality affects http only  

EXAMPLE

int main(void)
{
  CURL *curl = curl_easy_init();
  if(curl) {
    curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
    curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
    curl_easy_setopt(curl, CURLOPT_UNRESTRICTED_AUTH, 1L);
    curl_easy_perform(curl);
  }
}
 

AVAILABILITY

Added in curl 7.10.4  

RETURN VALUE

curl_easy_setopt(3) returns a CURLcode indicating success or error.

CURLE_OK (0) means everything was OK, non-zero means an error occurred, see libcurl-errors(3).  

SEE ALSO

CURLINFO_REDIRECT_COUNT(3), CURLOPT_FOLLOWLOCATION(3), CURLOPT_MAXREDIRS(3), CURLOPT_REDIR_PROTOCOLS_STR(3), CURLOPT_USERPWD(3)

 

Index

NAME
SYNOPSIS
DESCRIPTION
DEFAULT
PROTOCOLS
EXAMPLE
AVAILABILITY
RETURN VALUE
SEE ALSO





Support us on Content Nation
rdf newsfeed | rss newsfeed | Atom newsfeed
- Powered by LeopardCMS - Running on Gentoo -
Copyright 2004-2025 Sascha Nitsch Unternehmensberatung GmbH
Valid XHTML1.1 : Valid CSS
- Level Triple-A Conformance to Web Content Accessibility Guidelines 1.0 -
- Copyright and legal notices -
Time to create this page: 14.5 ms