cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: man curl review

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 13 Aug 2012 23:08:43 +0200 (CEST)

On Mon, 13 Aug 2012, Anthony Bryan wrote:

> Curl also supports user and password in HTTP URLs, thus you can pick a file
> like:
>
> ...
>
> NOTE! Since HTTP URLs don't support user and password, you can't use that
> style when using Curl via a proxy. You _must_ use the -u style fetch
> during such circumstances.
>
> 2nd HTTP should be HTTPS?

Slightly confusing, but I'll try to explain what I think I tried to express in
the mentioned text.

curl supports user names and passwords in HTTP and HTTPS URLs, in the style:

         http://user:password@hostname/path

However, HTTP URLs don't allow that according to spec. Already RFC 1738
section 3.3 clearly states that "No user name or password is allowed.". This
means curl accepts a syntax that the spec doesn't allow.

I don't remember off the top of my head if the above quote is still true, but
if you used an URL like "http://user:password@example.com" and asked curl to
use a HTTP proxy curl would send the given URL to the proxy including the name
and password part and thus a HTTP compliant proxy would not interpret them as
name and password and the request would fail...

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2012-08-13