quickjs-tart

quickjs-based runtime for wallet-core logic
Log | Files | Refs | README | LICENSE

CURLOPT_URL.md (4800B)

      1 ---
      2 c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
      3 SPDX-License-Identifier: curl
      4 Title: CURLOPT_URL
      5 Section: 3
      6 Source: libcurl
      7 See-also:
      8   - CURLINFO_REDIRECT_URL (3)
      9   - CURLOPT_CURLU (3)
     10   - CURLOPT_FORBID_REUSE (3)
     11   - CURLOPT_FRESH_CONNECT (3)
     12   - CURLOPT_PATH_AS_IS (3)
     13   - CURLOPT_PROTOCOLS_STR (3)
     14   - curl_easy_perform (3)
     15   - curl_url_get (3)
     16   - curl_url_set (3)
     17 Protocol:
     18   - All
     19 Added-in: 7.1
     20 ---
     21 
     22 # NAME
     23 
     24 CURLOPT_URL - URL for this transfer
     25 
     26 # SYNOPSIS
     27 
     28 ~~~c
     29 #include <curl/curl.h>
     30 
     31 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_URL, char *URL);
     32 ~~~
     33 
     34 # DESCRIPTION
     35 
     36 Pass in a pointer to the *URL* to work with. The parameter should be a
     37 char * to a null-terminated string which must be URL-encoded in the following
     38 format:
     39 
     40 scheme://host:port/path
     41 
     42 For a greater explanation of the format please see RFC 3986.
     43 
     44 libcurl does not validate the syntax or use the URL until the transfer is
     45 started. Even if you set a crazy value here, curl_easy_setopt(3) might
     46 still return *CURLE_OK*.
     47 
     48 If the given URL is missing a scheme name (such as "http://" or "ftp://" etc)
     49 then libcurl guesses based on the host. If the outermost subdomain name
     50 matches DICT, FTP, IMAP, LDAP, POP3 or SMTP then that protocol gets used,
     51 otherwise HTTP is used. Since 7.45.0 guessing can be disabled by setting a
     52 default protocol, see CURLOPT_DEFAULT_PROTOCOL(3) for details.
     53 
     54 Should the protocol, either as specified by the URL scheme or deduced by
     55 libcurl from the hostname, not be supported by libcurl then
     56 *CURLE_UNSUPPORTED_PROTOCOL* is returned from either the curl_easy_perform(3)
     57 or curl_multi_perform(3) functions when you call them. Use
     58 curl_version_info(3) for detailed information of which protocols are supported
     59 by the build of libcurl you are using.
     60 
     61 CURLOPT_PROTOCOLS_STR(3) can be used to limit what protocols libcurl may
     62 use for this transfer, independent of what libcurl has been compiled to
     63 support. That may be useful if you accept the URL from an external source and
     64 want to limit the accessibility.
     65 
     66 The CURLOPT_URL(3) string is ignored if CURLOPT_CURLU(3) is set.
     67 
     68 Either CURLOPT_URL(3) or CURLOPT_CURLU(3) must be set before a
     69 transfer is started.
     70 
     71 The application does not have to keep the string around after setting this
     72 option.
     73 
     74 Using this option multiple times makes the last set string override the
     75 previous ones. Set it to NULL to disable its use again. Note however that
     76 libcurl needs a URL set to be able to performed a transfer.
     77 
     78 The parser used for handling the URL set with CURLOPT_URL(3) is the same
     79 that curl_url_set(3) uses.
     80 
     81 # ENCODING
     82 
     83 The string pointed to in the CURLOPT_URL(3) argument is generally
     84 expected to be a sequence of characters using an ASCII compatible encoding.
     85 
     86 If libcurl is built with IDN support, the server name part of the URL can use
     87 an "international name" by using the current encoding (according to locale) or
     88 UTF-8 (when WinIDN is used; or a Windows Unicode build using libidn2).
     89 
     90 If libcurl is built without IDN support, the server name is used exactly as
     91 specified when passed to the name resolver functions.
     92 
     93 # DEFAULT
     94 
     95 NULL. If this option is not set, no transfer can be performed.
     96 
     97 # SECURITY CONCERNS
     98 
     99 Applications may at times find it convenient to allow users to specify URLs
    100 for various purposes and that string would then end up fed to this option.
    101 
    102 Getting a URL from an external untrusted party brings several security
    103 concerns:
    104 
    105 If you have an application that runs as or in a server application, getting an
    106 unfiltered URL can easily trick your application to access a local resource
    107 instead of a remote. Protecting yourself against localhost accesses is hard
    108 when accepting user provided URLs.
    109 
    110 Such custom URLs can also access other ports than you planned as port numbers
    111 are part of the regular URL format. The combination of a local host and a
    112 custom port number can allow external users to play tricks with your local
    113 services.
    114 
    115 Accepting external URLs may also use other protocols than http:// or other
    116 common ones. Restrict what accept with CURLOPT_PROTOCOLS_STR(3).
    117 
    118 User provided URLs can also be made to point to sites that redirect further on
    119 (possibly to other protocols too). Consider your
    120 CURLOPT_FOLLOWLOCATION(3) and CURLOPT_REDIR_PROTOCOLS_STR(3) settings.
    121 
    122 # %PROTOCOLS%
    123 
    124 # EXAMPLE
    125 
    126 ~~~c
    127 int main(void)
    128 {
    129   CURL *curl = curl_easy_init();
    130   if(curl) {
    131     curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
    132 
    133     curl_easy_perform(curl);
    134   }
    135 }
    136 ~~~
    137 
    138 # %AVAILABILITY%
    139 
    140 # RETURN VALUE
    141 
    142 curl_easy_setopt(3) returns a CURLcode indicating success or error.
    143 
    144 CURLE_OK (0) means everything was OK, non-zero means an error occurred, see
    145 libcurl-errors(3).
    146 
    147 Note that curl_easy_setopt(3) does not parse the given string so given a bad
    148 URL, it is not detected until curl_easy_perform(3) or similar is called.