1--- 2c: Copyright (C) Daniel Stenberg, <daniel.se>, et al. 3SPDX-License-Identifier: curl 4Title: CURLOPT_URL 5Section: 3 6Source: libcurl 7See-also: 8 - CURLINFO_REDIRECT_URL (3) 9 - CURLOPT_CURLU (3) 10 - CURLOPT_FORBID_REUSE (3) 11 - CURLOPT_FRESH_CONNECT (3) 12 - CURLOPT_PATH_AS_IS (3) 13 - CURLOPT_PROTOCOLS (3) 14 - curl_easy_perform (3) 15 - curl_url_get (3) 16 - curl_url_set (3) 17--- 18 19# NAME 20 21CURLOPT_URL - URL for this transfer 22 23# SYNOPSIS 24 25~~~c 26#include <curl/curl.h> 27 28CURLcode curl_easy_setopt(CURL *handle, CURLOPT_URL, char *URL); 29~~~ 30 31# DESCRIPTION 32 33Pass in a pointer to the *URL* to work with. The parameter should be a 34char * to a null-terminated string which must be URL-encoded in the following 35format: 36 37scheme://host:port/path 38 39For a greater explanation of the format please see RFC 3986. 40 41libcurl does not validate the syntax or use the URL until the transfer is 42started. Even if you set a crazy value here, curl_easy_setopt(3) might 43still return *CURLE_OK*. 44 45If the given URL is missing a scheme name (such as "http://" or "ftp://" etc) 46then libcurl guesses based on the host. If the outermost subdomain name 47matches DICT, FTP, IMAP, LDAP, POP3 or SMTP then that protocol gets used, 48otherwise HTTP is used. Since 7.45.0 guessing can be disabled by setting a 49default protocol, see CURLOPT_DEFAULT_PROTOCOL(3) for details. 50 51Should the protocol, either as specified by the URL scheme or deduced by 52libcurl from the hostname, not be supported by libcurl then 53*CURLE_UNSUPPORTED_PROTOCOL* is returned from either the curl_easy_perform(3) 54or curl_multi_perform(3) functions when you call them. Use 55curl_version_info(3) for detailed information of which protocols are supported 56by the build of libcurl you are using. 57 58CURLOPT_PROTOCOLS_STR(3) can be used to limit what protocols libcurl may 59use for this transfer, independent of what libcurl has been compiled to 60support. That may be useful if you accept the URL from an external source and 61want to limit the accessibility. 62 63The CURLOPT_URL(3) string is ignored if CURLOPT_CURLU(3) is set. 64 65Either CURLOPT_URL(3) or CURLOPT_CURLU(3) must be set before a 66transfer is started. 67 68The application does not have to keep the string around after setting this 69option. 70 71The parser used for handling the URL set with CURLOPT_URL(3) is the same 72that curl_url_set(3) uses. 73 74# ENCODING 75 76The string pointed to in the CURLOPT_URL(3) argument is generally 77expected to be a sequence of characters using an ASCII compatible encoding. 78 79If libcurl is built with IDN support, the server name part of the URL can use 80an "international name" by using the current encoding (according to locale) or 81UTF-8 (when winidn is used; or a Windows Unicode build using libidn2). 82 83If libcurl is built without IDN support, the server name is used exactly as 84specified when passed to the name resolver functions. 85 86# DEFAULT 87 88There is no default URL. If this option is not set, no transfer can be 89performed. 90 91# SECURITY CONCERNS 92 93Applications may at times find it convenient to allow users to specify URLs 94for various purposes and that string would then end up fed to this option. 95 96Getting a URL from an external untrusted party brings several security 97concerns: 98 99If you have an application that runs as or in a server application, getting an 100unfiltered URL can easily trick your application to access a local resource 101instead of a remote. Protecting yourself against localhost accesses is hard 102when accepting user provided URLs. 103 104Such custom URLs can also access other ports than you planned as port numbers 105are part of the regular URL format. The combination of a local host and a 106custom port number can allow external users to play tricks with your local 107services. 108 109Accepting external URLs may also use other protocols than http:// or other 110common ones. Restrict what accept with CURLOPT_PROTOCOLS(3). 111 112User provided URLs can also be made to point to sites that redirect further on 113(possibly to other protocols too). Consider your 114CURLOPT_FOLLOWLOCATION(3) and CURLOPT_REDIR_PROTOCOLS(3) settings. 115 116# PROTOCOLS 117 118All 119 120# EXAMPLE 121 122~~~c 123int main(void) 124{ 125 CURL *curl = curl_easy_init(); 126 if(curl) { 127 curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); 128 129 curl_easy_perform(curl); 130 } 131} 132~~~ 133 134# AVAILABILITY 135 136POP3 and SMTP were added in 7.31.0 137 138# RETURN VALUE 139 140Returns CURLE_OK on success or CURLE_OUT_OF_MEMORY if there was insufficient 141heap space. 142 143Note that curl_easy_setopt(3) does not parse the given string so given a 144bad URL, it is not detected until curl_easy_perform(3) or similar is 145called. 146