What is the meaning of "curl -k -i -X" in Linux?

Solution 1

-k, --insecure: If you are doing curl to a website which is using a self-signed SSL certificate then curl will give you an error as curl couldn't verify the certificate. In that case, you could use -k or --insecure flag to skip certificate validation.

Example:

[root@arif]$ curl --head https://xxx.xxx.xxx.xxx/login

curl: (60) Peer's Certificate issuer is not recognized. 
More details here: http://curl.haxx.se/docs/sslcerts.html 
curl performs SSL certificate verification by default, using a 
"bundle" of Certificate Authority (CA) public keys (CA certs).
If the default bundle file isn't adequate, you can specify an 
alternate file using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented 
in the bundle, the certificate verification probably failed 
due to a problem with the certificate (it might be expired, 
or the name might not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate,
use the -k (or --insecure) option.

[root@arif]$ curl -k --head https://xxx.xxx.xxx.xxx/login

HTTP/1.1 302 Moved Temporarily
Date: Thu, 07 Dec 2017 04:53:44 GMT
Transfer-Encoding: chunked
Location: https://xxx.xxx.xxx.xxx/login 
X-FRAME-OPTIONS: SAMEORIGIN
Set-Cookie: JSESSIONID=xxxxxxxxxxx; path=/; HttpOnly

-i, --include: This flag will include http header. Usually http header are consist of server name, date, content type etc.

Example:

[root@arif]$ curl https://google.com

<HTML><HEAD><meta http-equiv="content-type" content="text/html charset=utf-8"> <TITLE>301 Moved</TITLE></HEAD><BODY> <H1>301 Moved</H1> The document has moved <A HREF="https://www.google.com/">here</A>. </BODY></HTML>

[root@arif]$ curl -i https://google.com

HTTP/1.1 301 Moved Permanently
Location: https://www.google.com/
Content-Type: text/html; charset=UTF-8
Date: Thu, 07 Dec 2017 05:13:44 GMT
Expires: Sat, 06 Jan 2018 05:13:44 GMT
Cache-Control: public, max-age=2592000
Server: gws
Content-Length: 220
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339;
quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000;
v="41,39,38,37,35"
<HTML><HEAD><meta http-equiv="content-.....

-X, --request: This flag will used to send custom request to the server. Most of the time we do GET, HEAD, and POST. But if you need specific request like PUT, FTP, DELETE then you can use this flag. Following example will send a delete request to the google.com

Example:

[root@arif]$ curl -X DELETE google.com

..........................
<p><b>405.</b> <ins>That’s an error.</ins>
<p>The request method <code>DELETE</code> is inappropriate for the URL
<code>/</code>.  <ins>That’s all we know.</ins>`

Solution 2

It is clearly documented here.

Edit

From the man page

-k, --insecure

(TLS) By default, every SSL connection curl makes is verified to be secure. This option allows curl to proceed and operate even for server connections otherwise considered insecure.

The server connection is verified by making sure the server's certificate contains the right name and verifies successfully using the cert store.

This means that with -k, curl will accept connections to HTTPS even if there are certificate errors (outdated certificate, self-issued certificate, etc.)

-i, --include

Include the HTTP response headers in the output. The HTTP response headers can include things like server name, cookies, date of the document, HTTP version and more...

To view the request headers, consider the -v, --verbose option.

See also -v, --verbose

There are not much I can say about this in layman language. If you are not familiar with HTTP response headers, this is where you can find more information.

-X, --request

(HTTP) Specifies a custom request method to use when communicating with the HTTP server. The specified request method will be used instead of the method otherwise used (which defaults to GET). Read the HTTP 1.1 specification for details and explanations. Common additional HTTP requests include PUT and DELETE, but related technologies like WebDAV offers PROPFIND, COPY, MOVE and more.

Normally you don't need this option. All sorts of GET, HEAD, POST and PUT requests are rather invoked by using dedicated command line options.

This option only changes the actual word used in the HTTP request, it does not alter the way curl behaves. So for example if you want to make a proper HEAD request, using -X HEAD will not suffice. You need to use the -I, --head option.

The method string you set with -X, --request will be used for all requests, which if you for example use -L, --location may cause unintended side-effects when curl doesn't change request method according to the HTTP 30x response codes - and similar.

(FTP) Specifies a custom FTP command to use instead of LIST when doing file lists with FTP.

(POP3) Specifies a custom POP3 command to use instead of LIST or RETR. (Added in 7.26.0)

(IMAP) Specifies a custom IMAP command to use instead of LIST. (Added in 7.30.0)

(SMTP) Specifies a custom SMTP command to use instead of HELP or VRFY. (Added in 7.34.0)

If this option is used several times, the last one will be used.

When you use curl to access a web page it is actually sending the GET request to the server. There are other kinds of request that can be used and -X is the way to specify this. As noted above, this command is usually not needed. For example, if you need a POST request you can use -d rather than using -X. Without further information it's hard to say why you need -X in your API call.

Related videos on Youtube

18 : 12

HTTP протокол на пальцах

letsCode

81

Author by

Zac

Updated on September 18, 2022