Bug #5950

Feature #859: open-uri doesn't allow redirection to https

open-uri: https redirect fix

Added by Aaron Zauner almost 4 years ago. Updated over 2 years ago.

Assignee:Akira Tanaka
ruby -v:ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux] Backport:


open-uri raises an exception if a http/s redirect refers to https.

original mail to the maintainer with a quickfix: https://gist.github.com/1704932


this is taken from the original ruby open-uri class,

fixed this to support secure socket http redirects:

def OpenURI.redirectable?(uri1, uri2) # :nodoc:
# This test is intended to forbid a redirection from http://... to
# file:///etc/passwd.
# However this is ad hoc. It should be extensible/configurable.
uri1.scheme.downcase == uri2.scheme.downcase ||
(/\A(?:http|ftp|https)\z/i =~ uri1.scheme && /\A(?:http|ftp|https)\z/i =~


#1 Updated by Jakob Hilden over 3 years ago

Seems like a duplicate of http://bugs.ruby-lang.org/issues/859

#2 Updated by Yusuke Endoh over 3 years ago

  • Status changed from Open to Assigned
  • Assignee set to Akira Tanaka

#3 Updated by Akira Tanaka over 2 years ago

  • Project changed from Ruby 1.8 to Ruby trunk
  • Category changed from lib to lib
  • Target version deleted (Ruby 1.8.7)

#4 Updated by Akira Tanaka over 2 years ago

  • Parent task set to #859

Also available in: Atom PDF