.\" **************************************************************************
.\" *                                  _   _ ____  _
.\" *  Project                     ___| | | |  _ \| |
.\" *                             / __| | | | |_) | |
.\" *                            | (__| |_| |  _ <| |___
.\" *                             \___|\___/|_| \_\_____|
.\" *
.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
.\" * are also available at https://curl.se/docs/copyright.html.
.\" *
.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
.\" * copies of the Software, and permit persons to whom the Software is
.\" * furnished to do so, under the terms of the COPYING file.
.\" *
.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
.\" * KIND, either express or implied.
.\" *
.\" * SPDX-License-Identifier: curl
.\" *
.\" **************************************************************************
.\"
.TH CURLOPT_UNRESTRICTED_AUTH 3 "17 Jun 2014" libcurl libcurl
.SH NAME
CURLOPT_UNRESTRICTED_AUTH \- send credentials to other hosts too
.SH SYNOPSIS
.nf
#include <curl/curl.h>

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_UNRESTRICTED_AUTH,
                          long goahead);
.SH DESCRIPTION
Set the long \fIgohead\fP parameter to 1L to make libcurl continue to send
authentication (user+password) credentials when following locations, even when
hostname changed. This option is meaningful only when setting
\fICURLOPT_FOLLOWLOCATION(3)\fP.

Further, when this option is not used or set to \fB0L\fP, libcurl does not
send custom nor internally generated Authentication: headers on requests done
to other hosts than the one used for the initial URL.

By default, libcurl only sends credentials and Authentication headers to the
initial host name as given in the original URL, to avoid leaking username +
password to other sites.

This option should be used with caution: when curl follows redirects it
blindly fetches the next URL as instructed by the server. Setting
\fICURLOPT_UNRESTRICTED_AUTH(3)\fP to 1L therefore also makes curl trust the
server and sends possibly sensitive credentials to any host the server points
out. And then maybe again and again as the following hosts can keep
redirecting to new hosts.
.SH DEFAULT
0
.SH PROTOCOLS
HTTP
.SH EXAMPLE
.nf
int main(void)
{
  CURL *curl = curl_easy_init();
  if(curl) {
    curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
    curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
    curl_easy_setopt(curl, CURLOPT_UNRESTRICTED_AUTH, 1L);
    curl_easy_perform(curl);
  }
}
.fi
.SH AVAILABILITY
Along with HTTP
.SH RETURN VALUE
Returns CURLE_OK if HTTP is supported, and CURLE_UNKNOWN_OPTION if not.
.SH "SEE ALSO"
.BR CURLOPT_FOLLOWLOCATION (3),
.BR CURLOPT_USERPWD (3),
.BR CURLOPT_MAXREDIRS (3),
.BR CURLOPT_REDIR_PROTOCOLS_STR (3),
.BR CURLINFO_REDIRECT_COUNT (3)