curl 身份验证有效,但我无法访问其他页面

tag-icon tag-icon curl authorization
curl 身份验证有效,但我无法访问其他页面

我正在尝试使用 cURL 来自动化我们通常使用网站执行的一些流程。

我能够使用curl 和以下命令登录该网站:

curl -k -v -i --user "[user]:[password]" -D cookiejar.txt https://link/to/home/page

但是,当我尝试使用生成的cookiejar.txt文件用于后续调用,我没有获得授权。

浏览器向服务器发送以下数据:

GET /[my other page] HTTP/1.1
Host    [my host]
User-Agent  Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0
Accept  text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language en-US,en;q=0.5
Accept-Encoding gzip, deflate
Cookie  JSESSIONID=[my session id]
Authorization   Basic [my encrypted string]
Connection  keep-alive

因此,我将第二个 cURL 调用更改为类似这样的内容,以确保也发送所有这些参数:

curl -i -X GET -k -v \
-b cookiejar.txt \
-H "Authorization: Basic [my encrypted string]" \
-H "Host: [my host]"  \
-H "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0" \
-H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" \
-H "Content-Type: application/x-www-form-urlencoded" \
-H "Accept-Language: en-US,en;q=0.5" \
-H "Connection: Keep-Alive" \
https://[my other page]

不幸的是这不起作用。如果我省略授权标题,我收到 401 错误。如果我将其包含在 cURL 请求中,我将获得登录页面(带有 200 OK 响应)。

控制台中没有错误至少可以提示我问题所在。

我很感激任何帮助我解决这个问题的想法。

答案1

这可能是由于授权期间重定向造成的。请参阅中的-L和选项。还可以尝试测试以查看您将被重定向到的实际页面(如果是这种情况)。--location-trustedman curl-w redirect_url

   -L, --location
          (HTTP/HTTPS) If the server reports that the requested page has  moved  to  a  different  location
          (indicated  with a Location: header and a 3XX response code), this option will make curl redo the
          request on the new place. If used together with -i, --include or -I,  --head,  headers  from  all
          requested  pages  will  be shown. When authentication is used, curl only sends its credentials to
          the initial host. If a redirect takes curl to a different host, it won't be able to intercept the
          user+password.  See  also  --location-trusted  on how to change this. You can limit the amount of
          redirects to follow by using the --max-redirs option.

          When curl follows a redirect and the request is not a plain GET (for example  POST  or  PUT),  it
          will  do  the  following  request  with  a  GET if the HTTP response was 301, 302, or 303. If the
          response code was any other 3xx code, curl will re-send the  following  request  using  the  same
          unmodified method.

   --location-trusted
          (HTTP/HTTPS)  Like  -L,  --location, but will allow sending the name + password to all hosts that
          the site may redirect to. This may or may not introduce a security breach if the  site  redirects
          you  to  a  site to which you'll send your authentication info (which is plaintext in the case of
          HTTP Basic authentication).

   -w, --write-out <format>
          Defines what to display on stdout after a completed and successful operation.  The  format  is  a
          string  that  may contain plain text mixed with any number of variables. The string can be speci‐
          fied as "string", to get read from a particular file you specify it "@filename" and to tell  curl
          to read the format from stdin you write "@-".

          The  variables  present  in  the output format will be substituted by the value or text that curl
          thinks fit, as described below. All variables are specified as %{variable_name} and to  output  a
          normal  % you just write them as %%. You can output a newline by using \n, a carriage return with
          \r and a tab space with \t.

          NOTE: The %-symbol is a special symbol in the win32-environment, where all occurrences of %  must
          be doubled when using this option.

          The variables available are:


          redirect_url   When  an  HTTP request was made without -L to follow redirects, this variable will
                         show the actual URL a redirect would take you to. (Added in 7.18.2)

答案2

我最终能够到达想要的页面。

看来我没有遵循正确的 URL 调用顺序。一旦我这样做了,就可以正确检索所需的页面。

非常感谢您的快速回复!

相关内容