manpagez: man pages & more
man CURLOPT_UNRESTRICTED_AUTH(3)
Home | html | info | man
CURLOPT_UNRESTRICTED_AUTH(3)                          Library Functions Manual


NAME

       CURLOPT_UNRESTRICTED_AUTH - send credentials to other hosts too


SYNOPSIS

       #include <curl/curl.h>

       CURLcode curl_easy_setopt(CURL *handle, CURLOPT_UNRESTRICTED_AUTH,
                                 long goahead);


DESCRIPTION

       Set the long gohead parameter to 1L to make libcurl continue to send
       authentication (user+password) credentials or explicitly set cookie
       headers when following locations, even when the host changes. This
       option is meaningful only when setting CURLOPT_FOLLOWLOCATION(3).

       Further, when this option is not used or set to 0L, libcurl does not
       send custom nor internally generated Authentication: or Cookie: headers
       on requests done to other hosts than the one used for the initial URL.
       Another host means that one or more of hostname, protocol scheme or
       port number changed.

       By default, libcurl only sends Authentication: or explicitly set
       Cookie: headers to the initial host as given in the original URL, to
       avoid leaking username + password to other sites.

       This option should be used with caution: when curl follows redirects it
       blindly fetches the next URL as instructed by the server. Setting
       CURLOPT_UNRESTRICTED_AUTH(3) to 1L makes curl trust the server and
       sends possibly sensitive credentials to any host the server points to,
       possibly again and again as the following hosts can keep redirecting to
       new hosts.

       Due to the way HTTP works, almost any header can be made to contain
       data a client may not want to pass on to other servers than the
       initially intended host and for all other headers than the two
       mentioned above, there is no protection from this happening when
       libcurl is told to follow redirects.


DEFAULT

       0


PROTOCOLS

       This functionality affects http only


EXAMPLE

       int main(void)
       {
         CURL *curl = curl_easy_init();
         if(curl) {
           curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
           curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
           curl_easy_setopt(curl, CURLOPT_UNRESTRICTED_AUTH, 1L);
           curl_easy_perform(curl);
         }
       }


AVAILABILITY

       Added in curl 7.10.4


RETURN VALUE

       curl_easy_setopt(3) returns a CURLcode indicating success or error.

       CURLE_OK (0) means everything was OK, non-zero means an error occurred,
       see libcurl-errors(3).


SEE ALSO

       CURLINFO_REDIRECT_COUNT(3), CURLOPT_FOLLOWLOCATION(3),
       CURLOPT_MAXREDIRS(3), CURLOPT_REDIR_PROTOCOLS_STR(3),
       CURLOPT_USERPWD(3)

libcurl                           2025-02-08      CURLOPT_UNRESTRICTED_AUTH(3)

curl 8.12.0 - Generated Wed Feb 19 11:56:37 CST 2025
© manpagez.com 2000-2025
Individual documents may contain additional copyright information.