cURL / Mailing Lists / curl-users / Single Mail


Re: curl and http redirects; possible security implications

From: Alex Bligh <>
Date: Mon, 19 Apr 2010 21:06:34 +0100

--On 19 April 2010 18:42:09 +0100 Alex Bligh <> wrote:

>> I would prefer just '-'!
> OK, I will make that change (or you can - it's merely deleting
> two lines).
>> Speaking of this, it struck me that you should probably allow the feature
>> to try to change protocols that it doesn't know about so that it is
>> suitable future-proof. I'm thinking about the case where a future curl
>> introduces support for the COFFEE protocol but somone dislikes it and use
>> "--proto -coffee", and then they copy that command line back to a 7.20.1
>> curl which doesn't know about coffee at all.
>> Of course, a downside would be that a misspelled protocol isn't detected.
>> Perhaps it is enough if we use warnf() to inform about unknown protocols
>> that are mentioned?
> How about I make '~' or something an additional prefix which ignored the
> option if it wasn't recognised? IE you could do "--proto -~coffee" to
> disable coffee support but ignore it if coffee was not understood. That's
> a
> pretty trivial change. You then get proper error handling in the normal
> case, but the person who wants to use a back-compatible command line
> can do so without parsing the output of curl -V.

See attached.

Alex Bligh

List admin:

Received on 2010-04-19