| Server IP : 91.108.119.82 / Your IP : 216.73.217.6 Web Server : LiteSpeed System : Linux id-dci-web1986.main-hosting.eu 5.14.0-611.26.1.el9_7.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Jan 29 05:24:47 EST 2026 x86_64 User : u686484674 ( 686484674) PHP Version : 8.0.30 Disable Function : system, exec, shell_exec, passthru, mysql_list_dbs, ini_alter, dl, symlink, link, chgrp, leak, popen, apache_child_terminate, virtual, mb_send_mail MySQL : OFF | cURL : ON | WGET : ON | Perl : OFF | Python : OFF | Sudo : OFF | Pkexec : OFF Directory : /proc/self/root/opt/alt/curlssl30/usr/share/man/man3/ |
Upload File : |
.\" generated by cd2nroff 0.1 from CURLOPT_UNRESTRICTED_AUTH.md
.TH CURLOPT_UNRESTRICTED_AUTH 3 "2025-06-27" libcurl
.SH NAME
CURLOPT_UNRESTRICTED_AUTH \- send credentials to other hosts too
.SH SYNOPSIS
.nf
#include <curl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_UNRESTRICTED_AUTH,
long goahead);
.fi
.SH DESCRIPTION
Set the long \fIgohead\fP parameter to 1L to make libcurl continue to send
authentication (user+password) credentials or explicitly set cookie headers
when following locations, even when the host changes. This option is
meaningful only when setting \fICURLOPT_FOLLOWLOCATION(3)\fP.
Further, when this option is not used or set to \fB0L\fP, libcurl does not send
custom nor internally generated \fIAuthentication:\fP or \fICookie:\fP headers on
requests done to other hosts than the one used for the initial URL. Another
host means that one or more of hostname, protocol scheme or port number
changed.
By default, libcurl only sends \fIAuthentication:\fP or explicitly set \fICookie:\fP
headers to the initial host as given in the original URL, to avoid leaking
username + password to other sites.
This option should be used with caution: when curl follows redirects it
blindly fetches the next URL as instructed by the server. Setting
\fICURLOPT_UNRESTRICTED_AUTH(3)\fP to 1L makes curl trust the server and sends
possibly sensitive credentials to any host the server points to, possibly
again and again as the following hosts can keep redirecting to new hosts.
Due to the way HTTP works, almost any header can be made to contain data a
client may not want to pass on to other servers than the initially intended
host and for all other headers than the two mentioned above, there is no
protection from this happening when libcurl is told to follow redirects.
.SH DEFAULT
0
.SH PROTOCOLS
This functionality affects http only
.SH EXAMPLE
.nf
int main(void)
{
CURL *curl = curl_easy_init();
if(curl) {
curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
curl_easy_setopt(curl, CURLOPT_UNRESTRICTED_AUTH, 1L);
curl_easy_perform(curl);
}
}
.fi
.SH AVAILABILITY
Added in curl 7.10.4
.SH RETURN VALUE
\fIcurl_easy_setopt(3)\fP returns a CURLcode indicating success or error.
CURLE_OK (0) means everything was OK, non\-zero means an error occurred, see
\fIlibcurl\-errors(3)\fP.
.SH SEE ALSO
.BR CURLINFO_REDIRECT_COUNT (3),
.BR CURLOPT_FOLLOWLOCATION (3),
.BR CURLOPT_MAXREDIRS (3),
.BR CURLOPT_REDIR_PROTOCOLS_STR (3),
.BR CURLOPT_USERPWD (3)