1--- 2c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. 3SPDX-License-Identifier: curl 4Title: CURLOPT_URL 5Section: 3 6Source: libcurl 7See-also: 8 - CURLINFO_REDIRECT_URL (3) 9 - CURLOPT_CURLU (3) 10 - CURLOPT_FORBID_REUSE (3) 11 - CURLOPT_FRESH_CONNECT (3) 12 - CURLOPT_PATH_AS_IS (3) 13 - CURLOPT_PROTOCOLS (3) 14 - curl_easy_perform (3) 15 - curl_url_get (3) 16 - curl_url_set (3) 17Protocol: 18 - All 19--- 20 21# NAME 22 23CURLOPT_URL - URL for this transfer 24 25# SYNOPSIS 26 27~~~c 28#include <curl/curl.h> 29 30CURLcode curl_easy_setopt(CURL *handle, CURLOPT_URL, char *URL); 31~~~ 32 33# DESCRIPTION 34 35Pass in a pointer to the *URL* to work with. The parameter should be a 36char * to a null-terminated string which must be URL-encoded in the following 37format: 38 39scheme://host:port/path 40 41For a greater explanation of the format please see RFC 3986. 42 43libcurl does not validate the syntax or use the URL until the transfer is 44started. Even if you set a crazy value here, curl_easy_setopt(3) might 45still return *CURLE_OK*. 46 47If the given URL is missing a scheme name (such as "http://" or "ftp://" etc) 48then libcurl guesses based on the host. If the outermost subdomain name 49matches DICT, FTP, IMAP, LDAP, POP3 or SMTP then that protocol gets used, 50otherwise HTTP is used. Since 7.45.0 guessing can be disabled by setting a 51default protocol, see CURLOPT_DEFAULT_PROTOCOL(3) for details. 52 53Should the protocol, either as specified by the URL scheme or deduced by 54libcurl from the hostname, not be supported by libcurl then 55*CURLE_UNSUPPORTED_PROTOCOL* is returned from either the curl_easy_perform(3) 56or curl_multi_perform(3) functions when you call them. Use 57curl_version_info(3) for detailed information of which protocols are supported 58by the build of libcurl you are using. 59 60CURLOPT_PROTOCOLS_STR(3) can be used to limit what protocols libcurl may 61use for this transfer, independent of what libcurl has been compiled to 62support. That may be useful if you accept the URL from an external source and 63want to limit the accessibility. 64 65The CURLOPT_URL(3) string is ignored if CURLOPT_CURLU(3) is set. 66 67Either CURLOPT_URL(3) or CURLOPT_CURLU(3) must be set before a 68transfer is started. 69 70The application does not have to keep the string around after setting this 71option. 72 73The parser used for handling the URL set with CURLOPT_URL(3) is the same 74that curl_url_set(3) uses. 75 76# ENCODING 77 78The string pointed to in the CURLOPT_URL(3) argument is generally 79expected to be a sequence of characters using an ASCII compatible encoding. 80 81If libcurl is built with IDN support, the server name part of the URL can use 82an "international name" by using the current encoding (according to locale) or 83UTF-8 (when winidn is used; or a Windows Unicode build using libidn2). 84 85If libcurl is built without IDN support, the server name is used exactly as 86specified when passed to the name resolver functions. 87 88# DEFAULT 89 90There is no default URL. If this option is not set, no transfer can be 91performed. 92 93# SECURITY CONCERNS 94 95Applications may at times find it convenient to allow users to specify URLs 96for various purposes and that string would then end up fed to this option. 97 98Getting a URL from an external untrusted party brings several security 99concerns: 100 101If you have an application that runs as or in a server application, getting an 102unfiltered URL can easily trick your application to access a local resource 103instead of a remote. Protecting yourself against localhost accesses is hard 104when accepting user provided URLs. 105 106Such custom URLs can also access other ports than you planned as port numbers 107are part of the regular URL format. The combination of a local host and a 108custom port number can allow external users to play tricks with your local 109services. 110 111Accepting external URLs may also use other protocols than http:// or other 112common ones. Restrict what accept with CURLOPT_PROTOCOLS(3). 113 114User provided URLs can also be made to point to sites that redirect further on 115(possibly to other protocols too). Consider your 116CURLOPT_FOLLOWLOCATION(3) and CURLOPT_REDIR_PROTOCOLS(3) settings. 117 118# EXAMPLE 119 120~~~c 121int main(void) 122{ 123 CURL *curl = curl_easy_init(); 124 if(curl) { 125 curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); 126 127 curl_easy_perform(curl); 128 } 129} 130~~~ 131 132# AVAILABILITY 133 134POP3 and SMTP were added in 7.31.0 135 136# RETURN VALUE 137 138Returns CURLE_OK on success or CURLE_OUT_OF_MEMORY if there was insufficient 139heap space. 140 141Note that curl_easy_setopt(3) does not parse the given string so given a 142bad URL, it is not detected until curl_easy_perform(3) or similar is 143called. 144