diff options
author | Daniel Stenberg <daniel@haxx.se> | 2019-07-14 16:32:50 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2019-07-14 16:32:50 +0200 |
commit | 02a62074c77e5932655a136b39637051bfac30d6 (patch) | |
tree | ac891b5bc0ea976ca6365a3c6d5fc98ec3b5ad68 | |
parent | 797e549d0d6009b60786ac82465df26e1fc52ac6 (diff) |
libcurl-security.3: update to new CURLOPT_REDIR_PROTOCOLS defaults
follow-up to 6080ea098
-rw-r--r-- | docs/libcurl/libcurl-security.3 | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/docs/libcurl/libcurl-security.3 b/docs/libcurl/libcurl-security.3 index 0cfdddea8..cdb97915c 100644 --- a/docs/libcurl/libcurl-security.3 +++ b/docs/libcurl/libcurl-security.3 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. +.\" * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -97,8 +97,8 @@ Never ever switch off certificate verification. The \fICURLOPT_FOLLOWLOCATION(3)\fP option automatically follows HTTP redirects sent by a remote server. These redirects can refer to any kind of URL, not just HTTP. libcurl restricts the protocols allowed to be used in -redirects for security reasons: FILE, SCP, SMB and SMBS are disabled by -default. Applications are encouraged to restrict that set further. +redirects for security reasons: only HTTP, HTTPS and FTP are enabled by +default. Applications may opt to restrict thus set further. A redirect to a file: URL would cause the libcurl to read (or write) arbitrary files from the local filesystem. If the application returns the data back to |