DragonFly On-Line Manual Pages
CURLOPT_UNRESTRICTED_AUTH(3) curl_easy_setopt options
CURLOPT_UNRESTRICTED_AUTH - send credentials to other hosts too
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_UNRESTRICTED_AUTH,
Set the long gohead parameter to 1L to make libcurl continue to send
authentication (user+password) credentials when following locations,
even when hostname changed. This option is meaningful only when setting
Further, when this option is not used or set to 0L, libcurl will not
send custom set nor internally generated Authentication: headers on
requests done to other hosts than the one used for the initial URL.
By default, libcurl will only send credentials and Authentication
headers to the initial host name as given in the original URL, to avoid
leaking username + password to other sites.
This option should be used with caution: when curl follows redirects it
blindly fetches the next URL as instructed by the server. Setting
CURLOPT_UNRESTRICTED_AUTH(3) to 1L will therefore also make curl trust
the server and send possibly sensitive credentials to a host the server
CURL *curl = curl_easy_init();
curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
curl_easy_setopt(curl, CURLOPT_UNRESTRICTED_AUTH, 1L);
Along with HTTP
Returns CURLE_OK if HTTP is supported, and CURLE_UNKNOWN_OPTION if not.
libcurl 7.87.0 May 17, 2022 CURLOPT_UNRESTRICTED_AUTH(3)