curl-users
Re: A small nudge to fix a frequent -X misuse?
Date: Wed, 25 Nov 2015 00:42:27 +0100
Okay, I understand things better now - even if I wouldn't have expected
this from curl.
I thought that any client should behave in the way that it conforms to
the specifications so that if you send e.g. a HEAD request you should
also treat the response as if it was a HEAD request.
Seems I misunderstood the concept of cURL. But now I understand also why
curl doesn't care about input validation in broken arguments like -X'FOO
BAR' or -H ' Fo \x00 \r\nbar'.
I think your text adjustment is fine!
Am 24.11.2015 um 10:01 schrieb Daniel Stenberg:
> On Mon, 23 Nov 2015, Space One wrote:
>
>> What about this text:
>> "/Warning: Please consider using -I/--head otherwise setting custom HTTP
>> method to HEAD may not work the way you want. "
>
> Thanks! Or even slightly more verbose:
>
> Warning: Setting custom HTTP method to HEAD with -X/--request may not
> work the
> Warning: way you want. Consider using -I/--head instead.
>
> You think that's good?
>
>> But why isn't -XHEAD just rewritten to -I internally instead of that
>> warning?
>
> Because of what curl is and what it does:
>
> curl is the "swiss army knife" type of tool. It does what you ask it
> to, usually not more or less. So if you ask it to do crazy things, it
> will do those crazy things. This is often used and abused by people
> who can make curl do stunts against their servers for tests or
> automated short cuts other tools would prohibit. This kind of users
> wants curl to do exactly as asked and nothing else. If you tell curl
> to use a custom method with -X, curl will send exactly that method.
> Whatever it is. You ask for curl to send your creative craziness and
> curl will deliver it for you to the server. Verbatim. If you don't
> want that, then don't use -X...
>
> -X is not and was never intended to be used by users who don't know
> what changing the HTTP method keyword does and how it modifies curl's
> behavior. It has turned out, however, that it has an almost magic
> attraction to certain users who like to spell out the HTTP method on
> their command lines instead of having curl automatically set that.
>
> curl as a tool is really not too forgiving when you give it an option
> that is _almost_ right or that you _think_ is right but is subtly
> wrong and incorrect. This warning is only an attempt to make people
> stop abusing -X for cases when they really shouldn't use -X.
>
> We won't "rewrite" -X strings into anything else. We already
> documented exactly what the option does. There are huge number of
> users already using it as documented and they're happy - and we don't
> want to change behavior like that in a non-backwards compliant way.
> There are times when using -XHEAD is exactly the right thing for a
> user. Those cases are however rather limited.
>
> I like that -X is consistent.
>
>> What are the differences? -X HEAD doesn't close the connection while
>> -I does?
>
> -X only changes the method keyword, nothing else. Since curl defaults
> to GET, using 'curl -XHEAD [URL]' will therefore make curl send a
> request that it _thinks_ is a GET but the user replaced the method to
> become a HEAD.
>
> The difference in the HTTP protocol between a HEAD and a GET response
> is that a HEAD response is _exactly_ the same as the GET response
> except that there's no response body. Since curl knows it sent a GET
> request, it will wait for a response body if the response headers
> indicate there is one. If curl knows it sent a HEAD it will just not
> wait for a response, even if the headers say there is one, since it
> knows a server will never send a response body to such a request.
>
> --
>
> / daniel.haxx.se
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-users
> FAQ: http://curl.haxx.se/docs/faq.html
> Etiquette: http://curl.haxx.se/mail/etiquette.html
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2015-11-25