luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

header.md: mention Authorization: and Cookie: special treatment

Browse Source 
Fixes #16160
Reported-by: deliciouslytyped on github
Closes #16164
This commit is contained in:
Daniel Stenberg 2025-02-04 10:25:12 +01:00
parent 2f00a7d5a7
commit 448e71d1b7
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/cmdline-opts/header.md
View File

@ -55,10 +55,14 @@ among others and should be added with this option.
You need --proxy-header to send custom headers intended for an HTTP proxy.
(Added in 7.37.0)
Passing on a "Transfer-Encoding: chunked" header when doing an HTTP request
Passing on a `Transfer-Encoding: chunked` header when doing an HTTP request
with a request body, makes curl send the data using chunked encoding.
**WARNING**: headers set with this option are set in all HTTP requests - even
after redirects are followed, like when told with --location. This can lead to
the header being sent to other hosts than the original host, so sensitive
headers should be used with caution combined with following redirects.
`Authorization:` and `Cookie:` headers are explicitly *not* passed on in HTTP
requests when following redirects to other origins, unless --location-trusted
is used.