私は通常、cURLを使用してWebサイトで実行されるいくつかのプロセスを自動化したいと思います。
カールと次のコマンドを使用してWebサイトにログインできます。
curl -k -v -i --user "[user]:[password]" -D cookiejar.txt https://link/to/home/page
しかし、生成されたものを使用しようとするとクッキーボトル.txtこのファイルは後続の通話に使用され、権限がありません。
ブラウザは次のデータをサーバーに送信します。
GET /[my other page] HTTP/1.1
Host [my host]
User-Agent Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language en-US,en;q=0.5
Accept-Encoding gzip, deflate
Cookie JSESSIONID=[my session id]
Authorization Basic [my encrypted string]
Connection keep-alive
したがって、すべてのパラメータも送信されるように、2番目のcURL呼び出しを次のように変更しました。
curl -i -X GET -k -v \
-b cookiejar.txt \
-H "Authorization: Basic [my encrypted string]" \
-H "Host: [my host]" \
-H "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0" \
-H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" \
-H "Content-Type: application/x-www-form-urlencoded" \
-H "Accept-Language: en-US,en;q=0.5" \
-H "Connection: Keep-Alive" \
https://[my other page]
残念ながら、これは機能しません。私が省略した場合承認するタイトル、401エラーが発生します。これをcURLリクエストに含めると、ログインページ(200 OK応答)が表示されます。
少なくとも問題に関するヒントを提供するために、コンソールにエラーはありません。
この問題を解決するのに役立つアイデアをいただきありがとうございます。
ベストアンサー1
これは、認証中のリダイレクトによって発生する可能性があります。-Lとオプションを参照してください。また、リダイレクトされる実際のページを確認するためにテストしてみてください(この場合)。--location-trustedman curl-w redirect_url
-L, --location
(HTTP/HTTPS) If the server reports that the requested page has moved to a different location
(indicated with a Location: header and a 3XX response code), this option will make curl redo the
request on the new place. If used together with -i, --include or -I, --head, headers from all
requested pages will be shown. When authentication is used, curl only sends its credentials to
the initial host. If a redirect takes curl to a different host, it won't be able to intercept the
user+password. See also --location-trusted on how to change this. You can limit the amount of
redirects to follow by using the --max-redirs option.
When curl follows a redirect and the request is not a plain GET (for example POST or PUT), it
will do the following request with a GET if the HTTP response was 301, 302, or 303. If the
response code was any other 3xx code, curl will re-send the following request using the same
unmodified method.
--location-trusted
(HTTP/HTTPS) Like -L, --location, but will allow sending the name + password to all hosts that
the site may redirect to. This may or may not introduce a security breach if the site redirects
you to a site to which you'll send your authentication info (which is plaintext in the case of
HTTP Basic authentication).
-w, --write-out <format>
Defines what to display on stdout after a completed and successful operation. The format is a
string that may contain plain text mixed with any number of variables. The string can be speci‐
fied as "string", to get read from a particular file you specify it "@filename" and to tell curl
to read the format from stdin you write "@-".
The variables present in the output format will be substituted by the value or text that curl
thinks fit, as described below. All variables are specified as %{variable_name} and to output a
normal % you just write them as %%. You can output a newline by using \n, a carriage return with
\r and a tab space with \t.
NOTE: The %-symbol is a special symbol in the win32-environment, where all occurrences of % must
be doubled when using this option.
The variables available are:
redirect_url When an HTTP request was made without -L to follow redirects, this variable will
show the actual URL a redirect would take you to. (Added in 7.18.2)