Question

I am using curl in C to send HTTP requests to a web API that has multiple versions. Depending on the user-agent, the web server sends a 301 response and curl tries to follow the redirect. This all works as designed but there is a special case where it breaks.

When I'm sending an authorization request AND I don't specify the domain name (https://test.example/server instead of https://test.example.com/server) the web server redirects the app to https://test.example.com/serverv2, adding on the domain name. But the response from the second attempt after the redirect is 401, "could not parse credentials from header". If I don't omit the domain name, everything works as expected, including the redirect, and my authorization is successful.

My question is: is this a built-in feature in curl or is it a bug? And secondly, is there a preferred way of dealing with this special case?

Solution

From curl.h

  /* Continue to send authentication (user+password) when following locations,
     even when hostname changed. This can potentially send off the name
     and password to whatever host the server decides. */
  CINIT(UNRESTRICTED_AUTH, LONG, 105)

I set this option and it fixed my problem. Sometimes you just need to dig a little more. :)

/* libcurl reads this option as a long, so pass 1L rather than a plain int */
curl_easy_setopt(curl, CURLOPT_UNRESTRICTED_AUTH, 1L);
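
The curl.h comment quoted above warns that with CURLOPT_UNRESTRICTED_AUTH the server decides where the credentials go. A narrower approach, shown here as an added example that is not part of the original answer or of libcurl, is to leave CURLOPT_FOLLOWLOCATION off, read the target with CURLINFO_REDIRECT_URL, and resend the request with credentials only if a check like this passes. The function names and the host allowlist are assumptions built from the question's example hosts.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <strings.h>   /* strcasecmp, strncasecmp (POSIX) */

/* Hosts allowed to receive the credentials (constructed from the question). */
static const char *const TRUSTED_HOSTS[] = { "test.example", "test.example.com" };

/* Copy the host of an https:// URL into out. Fails closed: returns false for
   other schemes, userinfo ('@'), non-443 ports, empty or oversized hosts. */
static bool https_host(const char *url, char *out, size_t outlen)
{
    static const char scheme[] = "https://";
    const size_t slen = sizeof scheme - 1;
    if (url == NULL || strncasecmp(url, scheme, slen) != 0)
        return false;
    const char *authority = url + slen;
    size_t alen = strcspn(authority, "/?#");    /* end of the authority part */
    if (memchr(authority, '@', alen) != NULL)   /* trusted-name@other-host */
        return false;
    size_t hlen = strcspn(authority, ":/?#");   /* host ends at optional :port */
    if (hlen == 0 || hlen >= outlen)
        return false;
    if (authority[hlen] == ':' &&
        !(alen - hlen == 4 && strncmp(authority + hlen + 1, "443", 3) == 0))
        return false;                           /* only the default port */
    memcpy(out, authority, hlen);
    out[hlen] = '\0';
    return true;
}

/* True only if the redirect target is an https URL on a trusted host. */
bool may_forward_credentials(const char *redirect_url)
{
    char host[256];
    if (!https_host(redirect_url, host, sizeof host))
        return false;
    for (size_t i = 0; i < sizeof TRUSTED_HOSTS / sizeof TRUSTED_HOSTS[0]; i++)
        if (strcasecmp(host, TRUSTED_HOSTS[i]) == 0)   /* exact match only */
            return true;
    return false;
}
```

The match is on the whole host name, so a redirect to a look-alike such as test.example.com.evil.example is refused rather than treated as a suffix or prefix match.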
Licensed under: CC-BY-SA with attribution