From 36e53ec6ff93cf2c20934f65fb405c662ff0f604 Mon Sep 17 00:00:00 2001 From: Jay Satiro Date: Wed, 21 Sep 2016 15:34:57 -0400 Subject: docs: Remove that --proto is just used for initial retrieval .. and add that --proto-redir and CURLOPT_REDIR_PROTOCOLS do not override protocols denied by --proto and CURLOPT_PROTOCOLS. - Add a test to enforce: --proto deny must override --proto-redir allow Closes https://github.com/curl/curl/pull/1031 --- docs/curl.1 | 12 ++++++------ docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.3 | 3 +++ 2 files changed, 9 insertions(+), 6 deletions(-) (limited to 'docs') diff --git a/docs/curl.1 b/docs/curl.1 index 9f657ddb3..0988f0be7 100644 --- a/docs/curl.1 +++ b/docs/curl.1 @@ -1354,10 +1354,9 @@ consistency. However, a server may require a POST to remain a POST after such a redirection. This option is meaningful only when using \fI-L, --location\fP (Added in 7.26.0) .IP "--proto " -Tells curl to use the listed protocols for its initial retrieval. Protocols -are evaluated left to right, are comma separated, and are each a protocol -name or 'all', optionally prefixed by zero or more modifiers. Available -modifiers are: +Tells curl to limit what protocols it may use in the transfer. Protocols are +evaluated left to right, are comma separated, and are each a protocol name or +'all', optionally prefixed by zero or more modifiers. Available modifiers are: .RS .TP 3 .B + @@ -1414,8 +1413,9 @@ for details. (Added in 7.45.0) .IP "--proto-redir " -Tells curl to use the listed protocols on redirect. See --proto for how -protocols are represented. +Tells curl to limit what protocols it may use on redirect. Protocols denied by +--proto are not overridden by this option. See \fI--proto\fP for how protocols +are represented. Example: diff --git a/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.3 b/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.3 index 8bd76f6b0..3a5c3fcdc 100644 --- a/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.3 +++ b/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.3 @@ -34,6 +34,9 @@ redirect when \fICURLOPT_FOLLOWLOCATION(3)\fP is enabled. This allows you to limit specific transfers to only be allowed to use a subset of protocols in redirections. +Protocols denied by \fICURLOPT_PROTOCOLS(3)\fP are not overridden by this +option. + By default libcurl will allow all protocols on redirect except several disabled for security reasons: Since 7.19.4 FILE and SCP are disabled, and since 7.40.0 SMB and SMBS are also disabled. \fICURLPROTO_ALL\fP enables all protocols on -- cgit v1.2.3