
Can cURL detect 307 response?

For my research I need to cURL the FQDNs and get their status codes (for HTTP and HTTPS services). But some HTTP URLs open as HTTPS although it returns 200 with cURL (successful request, no redirect).

curl -I  http://example.example.com/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 Nov 2021 10:43:32 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 64991
Connection: keep-alive
Keep-Alive: timeout=20
Vary: Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Link: <https://example.example.com/>; rel=shortlink
X-Powered-By: WP Engine
X-Cacheable: SHORT
Vary: Accept-Encoding,Cookie
Cache-Control: max-age=600, must-revalidate
X-Cache: HIT: 10
X-Cache-Group: normal
Accept-Ranges: bytes

As seen above, I get a 200 response with the curl request. But I can see the 307 code in my browser (available in the picture below).

Request URL: http://example.example.com/
Request Method: GET
Status Code: 307 Internal Redirect
Referrer Policy: strict-origin-when-cross-origin

Can I detect 307 code with curl? (-L parameter doesn't work) Any suggestions?

asked Nov 22 '21 08:11

Abdullah


People also ask

Does curl handle redirects?

In curl's tradition of only doing the basics unless you tell it differently, it does not follow HTTP redirects by default. Use the -L, --location option to tell it to do that. When following redirects is enabled, curl will follow up to 50 redirects by default.

What is a 307 response code?

The HTTP 307 Temporary Redirect status response code indicates that the resource requested has been temporarily moved to the URL given by the Location header. The method and the body of the original request are reused to perform the redirected request.




2 Answers

curl -w '%{response_code}\n' -so /dev/null "$URL"

It can be tested out like this:

curl -w '%{response_code}\n' -so /dev/null httpbin.org/status/307 

So what is the 307 in the question?

As Stefan explains here in a separate answer: that's an internal message from Chrome that informs you that it uses HSTS. It is not an actual response code. Which is why curl can't show it. Chrome should make that clearer.

HSTS

HSTS is a way for an HTTPS server to ask clients to not contact them over clear text HTTP again. curl also supports HSTS but then you need to use --hsts - and curl will still not confusingly claim any 307 response codes.

answered Nov 05 '22 05:11

Daniel Stenberg


The 307 HTTP status isn't actually a response that is sent by a server. It's an internal redirect, something that your browser does for you before even sending the request to the server. That's why it won't show up in curl. It's a feature of your browser. cURL is much more reliable when it comes to sending unaltered requests.

A 307 internal redirect (especially since you mention HTTPS redirects) is usually encountered when dealing with the security feature of HSTS (HTTP strict-transport-security), where the whole purpose is to make sure that you never send unencrypted HTTP requests to a server that wants to communicate via encrypted HTTPS.

See this.

answered Nov 05 '22 05:11

Stefan Schulte
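
An added example, not part of either answer above: because the browser's 307 comes from an HSTS policy rather than from the server, a survey of FQDNs can record curl's real status code and check the HTTPS response for a Strict-Transport-Security header. The function name hsts_summary and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads one or more response-header blocks (as printed by
# `curl -sI` or `curl -sIL`) on stdin and summarises the last one as:
#   <status> hsts=<yes|no> max-age=<seconds|->
hsts_summary() {
    tr -d '\r' | awk '
        # Status line, e.g. "HTTP/1.1 200 OK" or "HTTP/2 200".
        # Reset state so that only the final response is reported.
        /^HTTP\// { status = $2; hsts = "no"; age = "-"; next }
        # Header names are case-insensitive.
        tolower($0) ~ /^strict-transport-security:/ {
            v = tolower($0)
            # max-age is the required directive; without it there is no policy.
            if (match(v, /max-age="?[0-9]+/)) {
                age = substr(v, RSTART, RLENGTH)
                gsub(/[^0-9]/, "", age)
                # max-age=0 tells clients to drop a stored policy.
                hsts = (age + 0 > 0) ? "yes" : "no"
            }
        }
        END { print status, "hsts=" hsts, "max-age=" age }
    '
}

# Constructed sample responses (not captured from a real host).
PLAIN_HTTP='HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8'

HTTPS_HSTS='HTTP/2 200
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains'

check_samples() {
    printf '%s\n' "$PLAIN_HTTP" | hsts_summary
    printf '%s\n' "$HTTPS_HSTS" | hsts_summary
}

# Live use, one FQDN per line in a file (file name is an assumption):
#   while read -r fqdn; do
#       printf '%s ' "$fqdn"; curl -sI "https://$fqdn/" | hsts_summary
#   done < fqdns.txt
check_samples
```

Query the https:// URL for the HSTS check: browsers only accept the header over HTTPS, so the plain-HTTP 200 shown in the question says nothing about whether a policy exists.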