curl --proto-redir -all,http,https http://example.com
-By default curl will allow all protocols on redirect except several disabled
-for security reasons: Since 7.19.4 FILE and SCP are disabled, and since 7.40.0
-SMB and SMBS are also disabled. Specifying \fIall\fP or \fI+all\fP enables all
-protocols on redirect, including those disabled for security.
+By default curl will allow HTTP, HTTPS, FTP and FTPS on redirect (7.65.2).
+Older versions of curl allowed all protocols on redirect except several
+disabled for security reasons: Since 7.19.4 FILE and SCP are disabled, and
+since 7.40.0 SMB and SMBS are also disabled. Specifying \fIall\fP or \fI+all\fP
+enables all protocols on redirect, including those disabled for security.
The \fICURLOPT_FOLLOWLOCATION(3)\fP option automatically follows HTTP
redirects sent by a remote server. These redirects can refer to any kind of
URL, not just HTTP. libcurl restricts the protocols allowed to be used in
-redirects for security reasons: only HTTP, HTTPS and FTP are enabled by
-default. Applications may opt to restrict thus set further.
+redirects for security reasons: only HTTP, HTTPS, FTP and FTPS are
+enabled by default. Applications may opt to restrict that set further.
A redirect to a file: URL would cause the libcurl to read (or write) arbitrary
files from the local filesystem. If the application returns the data back to
libcurl limits what protocols it automatically follows to. The accepted
protocols are set with \fICURLOPT_REDIR_PROTOCOLS(3)\fP. By default libcurl
-will allow all protocols on redirect except those disabled for security
+will allow HTTP, HTTPS, FTP and FTPS on redirect (7.65.2). Older versions of
+libcurl allowed all protocols on redirect except those disabled for security
reasons: Since 7.19.4 FILE and SCP are disabled, and since 7.40.0 SMB and SMBS
are also disabled.
Protocols denied by \fICURLOPT_PROTOCOLS(3)\fP are not overridden by this
option.
-By default libcurl will allow all protocols on redirect except several disabled
-for security reasons: Since 7.19.4 FILE and SCP are disabled, and since 7.40.0
-SMB and SMBS are also disabled. \fICURLPROTO_ALL\fP enables all protocols on
-redirect, including those disabled for security.
+By default libcurl will allow HTTP, HTTPS, FTP and FTPS on redirect (7.65.2).
+Older versions of libcurl allowed all protocols on redirect except several
+disabled for security reasons: Since 7.19.4 FILE and SCP are disabled, and
+since 7.40.0 SMB and SMBS are also disabled. \fICURLPROTO_ALL\fP enables all
+protocols on redirect, including those disabled for security.
These are the available protocol defines:
.nf
/* set the bitmask for the protocols that libcurl is allowed to follow to,
as a subset of the CURLOPT_PROTOCOLS ones. That means the protocol needs
- to be set in both bitmasks to be allowed to get redirected to. Defaults
- to all protocols except FILE and SCP. */
+ to be set in both bitmasks to be allowed to get redirected to. */
CINIT(REDIR_PROTOCOLS, LONG, 182),
/* set the SSH knownhost file name to use */
case CURLOPT_REDIR_PROTOCOLS:
/* set the bitmask for the protocols that libcurl is allowed to follow to,
as a subset of the CURLOPT_PROTOCOLS ones. That means the protocol needs
- to be set in both bitmasks to be allowed to get redirected to. Defaults
- to all protocols except FILE and SCP. */
+ to be set in both bitmasks to be allowed to get redirected to. */
data->set.redir_protocols = va_arg(param, long);
break;
define since we internally only use the lower 16 bits for the passed
in bitmask to not conflict with the private bits */
set->allowed_protocols = CURLPROTO_ALL;
- set->redir_protocols = CURLPROTO_HTTP | CURLPROTO_HTTPS | CURLPROTO_FTP;
+ set->redir_protocols = CURLPROTO_HTTP | CURLPROTO_HTTPS | CURLPROTO_FTP |
+ CURLPROTO_FTPS;
#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
/*
projects / curl / commitdiff