open-uri in Ruby 2.4 allows http to https redirection

Chirag Shah

By Chirag Shah

on March 2, 2017

In Ruby 2.3, if the argument to open-uri is http and the host redirects to https , then open-uri would throw an error.

1
2> require 'open-uri'
3> open('http://www.google.com/gmail')
4
5RuntimeError: redirection forbidden: http://www.google.com/gmail -> https://www.google.com/gmail/
6

To get around this issue, we could use open_uri_redirections gem.

1
2> require 'open-uri'
3> require 'open_uri_redirections'
4> open('http://www.google.com/gmail/', :allow_redirections => :safe)
5
6=> #<Tempfile:/var/folders/jv/fxkfk9_10nb_964rvrszs2540000gn/T/open-uri20170228-41042-2fffoa>
7

Ruby 2.4

In Ruby 2.4, this issue is fixed. So now http to https redirection is possible using open-uri.

1
2> require 'open-uri'
3> open('http://www.google.com/gmail')
4=> #<Tempfile:/var/folders/jv/fxkfk9_10nb_964rvrszs2540000gn/T/open-uri20170228-41077-1bkm1dv>
5

Note that redirection from https to http will raise an error, like it did in previous versions, since that has possible security concerns.

Stay up to date with our blogs. Sign up for our newsletter.

We write about Ruby on Rails, ReactJS, React Native, remote work,open source, engineering & design.