cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: A small nudge to fix a frequent -X misuse?

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Tue, 24 Nov 2015 10:01:36 +0100 (CET)

On Mon, 23 Nov 2015, Space One wrote:

> What about this text:
> "/Warning: Please consider using -I/--head otherwise setting custom HTTP
> method to HEAD may not work the way you want. "

Thanks! Or even slightly more verbose:

Warning: Setting custom HTTP method to HEAD with -X/--request may not work the
Warning: way you want. Consider using -I/--head instead.

You think that's good?

> But why isn't -XHEAD just rewritten to -I internally instead of that
> warning?

Because of what curl is and what it does:

curl is the "swiss army knife" type of tool. It does what you ask it to,
usually not more or less. So if you ask it to do crazy things, it will do
those crazy things. This is often used and abused by people who can make curl
do stunts against their servers for tests or automated short cuts other tools
would prohibit. This kind of users wants curl to do exactly as asked and
nothing else. If you tell curl to use a custom method with -X, curl will send
exactly that method. Whatever it is. You ask for curl to send your creative
craziness and curl will deliver it for you to the server. Verbatim. If you
don't want that, then don't use -X...

-X is not and was never intended to be used by users who don't know what
changing the HTTP method keyword does and how it modifies curl's behavior. It
has turned out, however, that it has an almost magic attraction to certain
users who like to spell out the HTTP method on their command lines instead of
having curl automatically set that.

curl as a tool is really not too forgiving when you give it an option that is
_almost_ right or that you _think_ is right but is subtly wrong and incorrect.
This warning is only an attempt to make people stop abusing -X for cases when
they really shouldn't use -X.

We won't "rewrite" -X strings into anything else. We already documented
exactly what the option does. There are huge number of users already using it
as documented and they're happy - and we don't want to change behavior like
that in a non-backwards compliant way. There are times when using -XHEAD is
exactly the right thing for a user. Those cases are however rather limited.

I like that -X is consistent.

> What are the differences? -X HEAD doesn't close the connection while -I
> does?

-X only changes the method keyword, nothing else. Since curl defaults to GET,
using 'curl -XHEAD [URL]' will therefore make curl send a request that it
_thinks_ is a GET but the user replaced the method to become a HEAD.

The difference in the HTTP protocol between a HEAD and a GET response is that
a HEAD response is _exactly_ the same as the GET response except that there's
no response body. Since curl knows it sent a GET request, it will wait for a
response body if the response headers indicate there is one. If curl knows it
sent a HEAD it will just not wait for a response, even if the headers say
there is one, since it knows a server will never send a response body to such
a request.

--
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2015-11-24