docs: add description of effect of --location-trusted on cookie

Closes #14471
XYenon 2024-08-09 17:30:40 +08:00 committed by Daniel Stenberg
parent 88727f7ed0
commit 5fcf96930e
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
3 changed files with 15 additions and 9 deletions


@ -2,7 +2,7 @@
c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
SPDX-License-Identifier: curl SPDX-License-Identifier: curl
Long: location-trusted Long: location-trusted
Help: As --location, but send auth to other hosts Help: As --location, but send secrets to other hosts
Protocols: HTTP Protocols: HTTP
Category: http auth Category: http auth
Added: 7.10.4 Added: 7.10.4
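Review bot: the new `Help:` text says "send secrets to other hosts", but "secrets" is not defined in the one-line help, and the description further down names only credentials and cookies set with --header. Consider wording that names what is actually forwarded, or make sure the description spells out the full set. `Category: http auth` is unchanged and still fits.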
@ -11,11 +11,16 @@ See-also:
- user - user
Example: Example:
- --location-trusted -u user:password $URL - --location-trusted -u user:password $URL
- --location-trusted -H "Cookie: session=abc" $URL
--- ---
# `--location-trusted` # `--location-trusted`
Like --location, but allows sending the name + password to all hosts that the Instructs curl to like --location follow HTTP redirects, but permits it to
site may redirect to. This may or may not introduce a security breach if the send credentials and other secrets along to other hosts than the initial one.
site redirects you to a site to which you send your authentication info (which
is clear-text in the case of HTTP Basic authentication). This may or may not introduce a security breach if the site redirects you to a
site to which you send this sensitive data to. Another host means that one or
more of hostname, protocol scheme or port number changed.
This option also allows curl to pass long cookies set explicitly with --header.
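Review bot: the last added sentence reads "pass long cookies", which looks like a typo for "pass along cookies"; as written it suggests a cookie length limit. In the same paragraph, "Instructs curl to like --location follow HTTP redirects" and "to which you send this sensitive data to" need rewording. The text should also state whether only cookies given with --header are affected: the new example uses `-H "Cookie: session=abc"`, and a reader cannot tell from this paragraph what happens to cookies set any other way.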


@ -22,9 +22,10 @@ location (indicated with a Location: header and a 3XX response code), this
option makes curl redo the request on the new place. If used together with option makes curl redo the request on the new place. If used together with
--show-headers or --head, headers from all requested pages are shown. --show-headers or --head, headers from all requested pages are shown.
When authentication is used, curl only sends its credentials to the initial When authentication is used, or send cookie with `-H Cookie:`, curl only sends
host. If a redirect takes curl to a different host, it does not get the its credentials to the initial host. If a redirect takes curl to a different
user+password pass on. See also --location-trusted on how to change this. host, it does not get the credentials pass on. See also--location-trusted on
how to change this.
Limit the amount of redirects to follow by using the --max-redirs option. Limit the amount of redirects to follow by using the --max-redirs option.
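Review bot: in the rewritten paragraph, "or send cookie with `-H Cookie:`" does not parse, "it does not get the credentials pass on" should be "passed on", and "See also--location-trusted" is missing a space. The sentence also still says "its credentials", so a reader may not realize the cookie header is withheld on a cross-host redirect as well. Say so explicitly, for example "curl only sends its credentials and that cookie header to the initial host".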


@ -357,7 +357,7 @@ const struct helptxt helptext[] = {
"Follow redirects", "Follow redirects",
CURLHELP_HTTP}, CURLHELP_HTTP},
{" --location-trusted", {" --location-trusted",
"As --location, but send auth to other hosts", "As --location, but send secrets to other hosts",
CURLHELP_HTTP | CURLHELP_AUTH}, CURLHELP_HTTP | CURLHELP_AUTH},
{" --login-options <options>", {" --login-options <options>",
"Server login options", "Server login options",
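Review bot: the help string for `--location-trusted` duplicates the `Help:` field changed in the first file, so the two have to be kept identical by hand unless this table is generated from the docs; if it is generated, regenerate it rather than editing it directly. The flags stay `CURLHELP_HTTP | CURLHELP_AUTH`, which is consistent with the unchanged `Category: http auth`.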