Curl Follow Redirect(s)
The short answer
To make [.inline-code]curl[.inline-code] follow a redirect, you can use the [.inline-code]-L[.inline-code] flag (short for [.inline-code]--location[.inline-code]) as follows:
When sending an HTTP request with [.inline-code]curl[.inline-code], the server may respond with an HTTP 3XX (e.g. 300, 301, 302), indicating that the requested resource has been moved to a different location (i.e. URL). This new location can be found in the [.inline-code]Location[.inline-code] header of the response.
By default, [.inline-code]curl[.inline-code] will not follow this redirect.
To make [.inline-code]curl[.inline-code] follow a redirect and get the requested resource from the new URL, you can use the [.inline-code]-L[.inline-code] flag as shown above.
This flag is often used by developers to get detailed information about how the server processed their request. For example, when performing basic authentication or sending JSON data.
[#easily-recall-with-ai]Easily retrieve this command using Warp’s AI Command Search[#easily-recall-with-ai]
If you’re using Warp as your terminal, you can easily retrieve this command using the Warp AI Command Search feature:
Entering [.inline-code]curl follow redirect[.inline-code] in the AI Command Search will prompt a [.inline-code]curl[.inline-code] command that can then quickly be inserted into your shell by doing [.inline-code]CMD+ENTER[.inline-code].
[#follow-multiple-redirects]Following multiple redirects with [.inline-code]curl[.inline-code][#follow-multiple-redirects]
When using [.inline-code]-L[.inline-code], [.inline-code]curl[.inline-code] will follow up to 50 sequential redirects by default.
[#increase-max-redirs]Extend the maximum allowed [.inline-code]curl[.inline-code] redirects[#increase-max-redirs]
A poorly configured server has the potential to cause [.inline-code]curl[.inline-code] to get stuck in an infinite loop by sending back a response that redirects to the same URL. To avoid this, you can use the [.inline-code]--max-redirs[.inline-code] flag to limit the number of redirects curl follows:
[#print-redirects-to-terminal]Print [.inline-code]curl[.inline-code] redirects to the terminal[#print-redirects-to-terminal]
If you want to also print the redirects, you can do so by logging the request and response headers while in the process of being redirected. Combine [.inline-code]curl[.inline-code] with the [.inline-code]-v[.inline-code] flag (short for [.inline-code]--verbose[.inline-code]) as follows:
Note that when [.inline-code]curl[.inline-code] follows an HTTP 301, 302, or 303 redirect, and the original request method is not a plain GET (e.g. it is a POST or PUT), the ensuing requests will automatically be converted into a GET, which means that the original body of the request will not be passed along.
[#broken-redirect-chains][.inline-code]curl[.inline-code] and 301, 302, etc. redirects[#broken-redirect-chains]
In the context of following redirects, [.inline-code]curl[.inline-code] treats all redirect requests the same regardless of 3XX status code.
An HTTP 301 redirect indicates that the requested resource has been permanently moved to the URL specified in the [.inline-code]Location[.inline-code] header of the response. This redirect is often used when a website or API is redesigned or restructured, and some of its URLs have changed.
An HTTP 302 redirect, on the other hand, indicates that the requested resource has been temporarily moved to the URL specified in the [.inline-code]Location[.inline-code] header of the response. This redirect is often used when a website or API is undergoing short-term changes, such as maintenance operations.
Despite these differences, [.inline-code]curl[.inline-code] invoked with [.inline-code]-L[.inline-code] will simply carry on to make the ensuing request.
Avoiding common pitfalls
Verifying a broken redirect chain
[.inline-code]curl[.inline-code] may sometimes fail to follow a redirect sent by a server due to a broken or invalid URL. To verify that the redirect target is valid and accessible, you can use the [.inline-code]-I[.inline-code] (capital “i”) flag to only fetch the HTTP headers without including the content.
[#forwarding-credentials]Forwarding credentials to another host[#forwarding-credentials]
When performing an authentication with curl, the provided credentials will not be forwarded alongside the request if a redirect takes curl to a different host than the initial one. To bypass this behavior, you can use the [.inline-code]--location-trusted[.inline-code] flag as follows:
Note that you should be particularly careful when using this flag as it may introduce a security breach if the redirect forwards your credentials to an untrusted or malicious host.
Written by
