luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

header.md: mention Authorization: and Cookie: special treatment

Browse Source 
Fixes #16160
Reported-by: deliciouslytyped on github
Closes #16164
This commit is contained in:
Daniel Stenberg 2025-02-04 10:25:12 +01:00
parent 2f00a7d5a7
commit 448e71d1b7
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/cmdline-opts/header.md
View File

@ -55,10 +55,14 @@ among others and should be added with this option.
You need --proxy-header to send custom headers intended for an HTTP proxy. You need --proxy-header to send custom headers intended for an HTTP proxy.
(Added in 7.37.0) (Added in 7.37.0)
Passing on a "Transfer-Encoding: chunked" header when doing an HTTP request Passing on a `Transfer-Encoding: chunked` header when doing an HTTP request
with a request body, makes curl send the data using chunked encoding. with a request body, makes curl send the data using chunked encoding.
**WARNING**: headers set with this option are set in all HTTP requests - even **WARNING**: headers set with this option are set in all HTTP requests - even
after redirects are followed, like when told with --location. This can lead to after redirects are followed, like when told with --location. This can lead to
the header being sent to other hosts than the original host, so sensitive the header being sent to other hosts than the original host, so sensitive
headers should be used with caution combined with following redirects. headers should be used with caution combined with following redirects.
`Authorization:` and `Cookie:` headers are explicitly *not* passed on in HTTP
requests when following redirects to other origins, unless --location-trusted
is used.