Provided by: libcurl4-doc_7.85.0-1_all bug

NAME

       CURLOPT_UNRESTRICTED_AUTH - send credentials to other hosts too

SYNOPSIS

       #include <curl/curl.h>

       CURLcode curl_easy_setopt(CURL *handle, CURLOPT_UNRESTRICTED_AUTH,
                                 long goahead);

DESCRIPTION

       Set  the  long  gohead  parameter  to  1L  to make libcurl continue to send authentication
       (user+password) credentials when following locations, even  when  hostname  changed.  This
       option is meaningful only when setting CURLOPT_FOLLOWLOCATION(3).

       Further,  when  this option is not used or set to 0L, libcurl will not send custom set nor
       internally generated Authentication: headers on requests done to other hosts than the  one
       used for the initial URL.

       By  default,  libcurl will only send credentials and Authentication headers to the initial
       host name as given in the original URL, to avoid leaking  username  +  password  to  other
       sites.

       This  option  should  be used with caution: when curl follows redirects it blindly fetches
       the next URL as instructed by the server. Setting CURLOPT_UNRESTRICTED_AUTH(3) to 1L  will
       therefore  also  make  curl  trust the server and send possibly sensitive credentials to a
       host the server points out.

DEFAULT

       0

PROTOCOLS

       HTTP

EXAMPLE

       CURL *curl = curl_easy_init();
       if(curl) {
         curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
         curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
         curl_easy_setopt(curl, CURLOPT_UNRESTRICTED_AUTH, 1L);
         curl_easy_perform(curl);
       }

AVAILABILITY

       Along with HTTP

RETURN VALUE

       Returns CURLE_OK if HTTP is supported, and CURLE_UNKNOWN_OPTION if not.

SEE ALSO

       CURLOPT_FOLLOWLOCATION(3), CURLOPT_USERPWD(3),