Back to Blog

open-uri in Ruby 2.4 allows http to https redirection

on March 2, 2017

In Ruby 2.3, if the argument to open-uri is http and the host redirects to https , then open-uri would throw an error.

1
2> require 'open-uri'
3> open('http://www.google.com/gmail')
4
5RuntimeError: redirection forbidden: http://www.google.com/gmail -> https://www.google.com/gmail/
6

To get around this issue, we could use open_uri_redirections gem.

1
2> require 'open-uri'
3> require 'open_uri_redirections'
4> open('http://www.google.com/gmail/', :allow_redirections => :safe)
5
6=> #<Tempfile:/var/folders/jv/fxkfk9_10nb_964rvrszs2540000gn/T/open-uri20170228-41042-2fffoa>
7

Ruby 2.4

In Ruby 2.4, this issue is fixed. So now http to https redirection is possible using open-uri.

1
2> require 'open-uri'
3> open('http://www.google.com/gmail')
4=> #<Tempfile:/var/folders/jv/fxkfk9_10nb_964rvrszs2540000gn/T/open-uri20170228-41077-1bkm1dv>
5

Note that redirection from https to http will raise an error, like it did in previous versions, since that has possible security concerns.


You might also like

If you liked this blog post, check out similar ones from BigBinary