noble (3) CURLOPT_UNRESTRICTED_AUTH.3.gz
NAME
CURLOPT_UNRESTRICTED_AUTH - send credentials to other hosts too
SYNOPSIS
#include <curl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_UNRESTRICTED_AUTH,
long goahead);
DESCRIPTION
Set the long gohead parameter to 1L to make libcurl continue to send authentication (user+password)
credentials when following locations, even when hostname changed. This option is meaningful only when
setting CURLOPT_FOLLOWLOCATION(3).
Further, when this option is not used or set to 0L, libcurl does not send custom nor internally generated
Authentication: headers on requests done to other hosts than the one used for the initial URL.
By default, libcurl only sends credentials and Authentication headers to the initial host name as given
in the original URL, to avoid leaking username + password to other sites.
This option should be used with caution: when curl follows redirects it blindly fetches the next URL as
instructed by the server. Setting CURLOPT_UNRESTRICTED_AUTH(3) to 1L therefore also makes curl trust the
server and sends possibly sensitive credentials to any host the server points out. And then maybe again
and again as the following hosts can keep redirecting to new hosts.
DEFAULT
0
PROTOCOLS
HTTP
EXAMPLE
int main(void)
{
CURL *curl = curl_easy_init();
if(curl) {
curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
curl_easy_setopt(curl, CURLOPT_UNRESTRICTED_AUTH, 1L);
curl_easy_perform(curl);
}
}
AVAILABILITY
Along with HTTP
RETURN VALUE
Returns CURLE_OK if HTTP is supported, and CURLE_UNKNOWN_OPTION if not.
SEE ALSO
CURLOPT_FOLLOWLOCATION(3), CURLOPT_USERPWD(3), CURLOPT_MAXREDIRS(3), CURLOPT_REDIR_PROTOCOLS_STR(3), CURLINFO_REDIRECT_COUNT(3)