> Von: "Daniel Stenberg" <dan...@haxx.se> > On Thu, 17 Jul 2014, Michael Osipov wrote:
> >> Yes, because you're asking for it! > > > > Then I would at least require the docs to say that preempive is is > > performed > > by default. Users should be aware that they could disclose information. > > Yes it should! But you're expressing this funnily. If if _does_ probe first, > it will disclose the exact same information if the server asks for basic auth Haven't noticed that I brought some fun into it. I am trying to make a point. Doing $ 'curl --basic -u ... http://host/proctected http://host2/unprotected' without using next will reveal. Am I wrong? > > After that at least, I have found a bug in curl which ends in an endless > > redirect. I will report shortly. > > Ouch! > > >> If there's a missing option it would then rather be one that allows you to > >> say "I only want to use {basic,digest,ntlm,...} but I still want to probe > >> first" - which libcurl can do but that ability isn't exposed to the > >> command > >> line tool afair. > > > > How would that go in libcurl, I mean not preemptive? > > Add the 'CURLAUTH_ONLY' bit. Like when asking for only basic with a probe: > > CURLAUTH_BASIC | CURLAUTH_ONLY So adding --auth-only and --proxy-auth-only tied to CURLAUTH_ONLY would disable preemptive auth and perform of if challenged? E.g., $ curl --basic --digest -u ... --auth-only <URL> Michael ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
