open-uri in Ruby 2.4 allows http to https redirection

Chirag Shah

By Chirag Shah

on March 2, 2017

In Ruby 2.3, if the argument to open-uri is http and the host redirects to https , then open-uri would throw an error.

1
2> require 'open-uri'
3> open('http://www.google.com/gmail')
4
5RuntimeError: redirection forbidden: http://www.google.com/gmail -> https://www.google.com/gmail/
6

To get around this issue, we could use open_uri_redirections gem.

1
2> require 'open-uri'
3> require 'open_uri_redirections'
4> open('http://www.google.com/gmail/', :allow_redirections => :safe)
5
6=> #<Tempfile:/var/folders/jv/fxkfk9_10nb_964rvrszs2540000gn/T/open-uri20170228-41042-2fffoa>
7

Ruby 2.4

In Ruby 2.4, this issue is fixed. So now http to https redirection is possible using open-uri.

1
2> require 'open-uri'
3> open('http://www.google.com/gmail')
4=> #<Tempfile:/var/folders/jv/fxkfk9_10nb_964rvrszs2540000gn/T/open-uri20170228-41077-1bkm1dv>
5

Note that redirection from https to http will raise an error, like it did in previous versions, since that has possible security concerns.