I have two "problems" with curl. First I have to remember every kind of HTTP header (no autocomplete) and second write/edit command lines (especially JSON bodies etc) is a bit unfriendly.
Nice idea, but this tool doesn't escape URLs properly. The biggest problem are "&" characters, but also "?" characters make trouble in some shells (e.g. zsh).
Adding double quotes is risky with regard to "`", "$" and other special shell characters.
Adding single quotes is safer, but will fail if the argument itself contains single quotes.
To my knowledge, the correct shell escaping is to surround your argument with single quotes, and before doing that, replace each contained single quote
'
with the following sequence (1):
'\''
Alternatively, you can use (2):
'"'"'
Both sequences work the same way: First, terminate the single-quoted string. Then, add an escaped single quote, either with backslash (1) or by encapsulating into double quotes (2). Finally, start an new single-quoted string.
As far as I know, escaping single quotes inside single quotes doesn't work in bash:
tiksi@emperor:~$ curl 'http://\'test'
>
>
>
>^C
tiksi@emperor:~$ curl 'http://\'test''
curl: (6) Could not resolve host: \test
tiksi@emperor:~$
Anything inside single quotes is treated literally, so no escapes work.( Unless you're doing $'.stuffhere', but that's a whole other can of worms). The double quotes around single quotes does work though.
Yeah, awk can be tricky. This tutorial[0] was posted awhile back and I bookmarked it because I found it to be very useful. Check it out if you haven't seen it.
There's a lot of benefit in something that can properly escape data, for instance. I'm totally comfortable with curl but sometimes physically typing the command line is harder than deciding what should go in it.
-H is for headers; yes, but basic auth is actually the base64-encoded string of user:pass , so if constructing it manually you'd want to do something like curl -H "Authorization: Basic $(echo -n 'user:pass' |base64)" http://whatever .
Curl provides a shortcut for this as --user; e.g. curl --user name:pass http://example.com
You can also use curl --negotiate -u : for kerberos (provided curl is built with it and spengo). curl supports quite a few less used auth methods, but OP mentioned custom headers, not basic auth per se, (thats why I used Authentication instead of WWW-Authenticate or Authorization as an example)
While I appreciate the idea and the work that's gone into this site, sadly it seems too basic to be of much use. It only supports half a dozen flags - all of which are easy to use normally anyway. It's missing user agent, headers, cookies, etc. The latter two being items that could be particularly tricky for the "curl novice".
Yes, the site is very basic, it's just an "Hello world" experiment in AngularJS. Though I was thinking someone could find it useful and I put it online. If the interest grows I'll probably add more features and integrations.
Seems pretty helpful, though for most of my endpoint testing I've switched to httpie[1], and my teammates have followed. The only exception is when I need to load-test a service real quick, and curl can make requests much faster than httpie.
I love httpie as well but recently I switched to bat [0] which offers pretty much the same thing but is written in Go so is deployed as a single binary.
Just for the info, Chrome (and possibly other browsers as well) allows to build cURL commands from any network calls with a right-click on a HTTP call in the Network tab.
I'm a huge fan of "Paw" for OS X (https://luckymarmot.com/paw). After you construct your query, it generates the equivalent code for curl, Objective-C (NSURLConnection or AFNetworking), Python, jQuery, or several others. It also now integrates with Mashape so you can download preconstructed libraries of API calls.
Disclaimer: I have no connection with Paw's developers - I'm just a very happy user.
I am too. Especially the ability to configure "environments" to collect variables you'll reuse, the export options (copy as curl, as jQuery.ajax, etc) and the oauth workflow tools built in. Paw is a wildly useful tool.
I'm a big fan of right clicking on the request in the Chrome developer console and selecting "Copy as cURL". Obviously only works if you're doing browser stuff, but super helpful nonetheless.
46 comments
[ 4.4 ms ] story [ 101 ms ] threadI was hoping for some JS library that would generate the commands with proper escaping etc.
Of course this is just a 10 minutes experiment.
Edit:
Example of this in zsh:
Adding single quotes is safer, but will fail if the argument itself contains single quotes.
To my knowledge, the correct shell escaping is to surround your argument with single quotes, and before doing that, replace each contained single quote
with the following sequence (1): Alternatively, you can use (2): Both sequences work the same way: First, terminate the single-quoted string. Then, add an escaped single quote, either with backslash (1) or by encapsulating into double quotes (2). Finally, start an new single-quoted string.That's why you have to escape single quotes with
rather than just As I said, you first have to terminate the single-quoted string, then add the single quote, then start a new single-quoted string.In your example, my variant (1) leads to:
And my variant (2) leads to:I have found the terminate and escape quite useful for color codes though
not sure how I never thought to use it for '\'', but thats getting added to my toolbox :)Does anybody know how to escape curly braces on tcsh?
[0] http://ferd.ca/awk-in-20-minutes.html
Curl provides a shortcut for this as --user; e.g. curl --user name:pass http://example.com
Try it yourself with -vvv to see all the headers from both ends. Ref: http://curl.haxx.se/docs/httpscripting.html#Basic_Authentica...
http basic auth protocol: http://en.m.wikipedia.org/wiki/Basic_access_authentication
Instead I'd probably recommend people use Chrome/Chromium's developer tools which can export HTTP requests as curl commands: https://coderwall.com/p/-fdgoq/chrome-developer-tools-adds-c...
https://news.ycombinator.com/item?id=9426493
[1] https://github.com/jakubroztocil/httpie
[0] - https://github.com/astaxie/bat
This also makes me want to go back and add Copy as curl to hurl.it.
This would be useful for things like grabbing a test Stripe webhook sent to requestb.in and sending it to your local dev server.
(I think there are some things you can host yourself to capture and replay HTTP requests, however - I can't remember what they are)
Another favorite of mine is the Tamper extension, which lets you edit js / css and reload the page, having your edited versions served from mitmproxy: https://chrome.google.com/webstore/detail/tamper/mabhojhgigk...
Disclaimer: I have no connection with Paw's developers - I'm just a very happy user.
- another unpaid but wholly satisfied user