Make curl default to HTTPS
When you run curl without giving a protocol in the URL (e.g., curl example.com/file), the request is made over plain-text HTTP.
The curl v7.45.0 release (10/2015) added an option to use HTTPS instead. You can make it the default protocol for bare domains like this:
$ curl -v tomayko.com 2>&1 | grep Connected
* Connected to tomayko.com (104.27.134.227) port 80 (#0)
# add the proto-default line to your curl config file
$ echo proto-default = https >> ~/.curlrc
$ curl -v tomayko.com 2>&1 | grep Connected
* Connected to tomayko.com (104.27.134.227) port 443 (#0)
In addition to the obvious benefit of preventing accidental plain-text requests in a world that’s increasingly HTTPS by default, this also avoids having to re-run commands with explicit https:// URLs (or with curl -L) after scratching your head when the first invocation gives no output.
It’s not all upside, though. If, like me, you use curl on servers to interact with daemon stats URLs like Nginx’s stub status module or Golang’s expvars, you’ll need to remember to use http:// URLs on the command line and in scripts. There’s no attempt to auto-downgrade requests to HTTP when SSL negotiation fails.
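For provisioning scripts, the one-line echo above can be made safe to re-run. The following is an added example, not code from the original post: it appends the proto-default line only when curl is at least 7.45.0 and the config file does not already set the option. The function names version_ge and ensure_https_default, and their optional arguments, are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# version_ge A B: succeed when dotted version A is >= B (first three fields).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# ensure_https_default [RCFILE] [CURL_VERSION]
#   0: proto-default = https is in place (added now or already there)
#   1: a proto-default line with another value exists; file left untouched
#   2: curl is missing or older than 7.45.0; file left untouched
ensure_https_default() {
    rc=${1:-$HOME/.curlrc}
    ver=${2:-$(curl --version 2>/dev/null | awk 'NR == 1 { print $2 }')}

    if [ -z "$ver" ] || ! version_ge "$ver" 7.45.0; then
        echo "curl ${ver:-not found}: proto-default needs 7.45.0 or newer" >&2
        return 2
    fi

    # curl config lines may write the option with or without leading dashes,
    # separated from its value by whitespace, '=' or ':'.
    existing=$(grep -E '^[[:space:]]*(--)?proto-default([[:space:]=:]|$)' \
        "$rc" 2>/dev/null | head -n 1)

    case $existing in
        '')      echo 'proto-default = https' >> "$rc" ;;
        *https*) ;;  # already configured, do not append a duplicate
        *)       echo "$rc already sets: $existing" >&2; return 1 ;;
    esac
}

# Usage: ensure_https_default            # edits ~/.curlrc for the installed curl
```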