Curl Follow Redirect(s)

The short answer

To make curl follow a redirect, you can use the -L flag (short for --location) as follows:

$ curl -L <url>

When sending an HTTP request with curl, the server may respond with an HTTP 3XX (e.g. 300, 301, 302), indicating that the requested resource has been moved to a different location (i.e. URL). This new location can be found in the Location header of the response.

By default, curl will not follow this redirect.

To make curl follow a redirect and get the requested resource from the new URL, you can use the -L flag as shown above.

This flag is often used by developers to get detailed information about how the server processed their request. For example, when performing basic authentication or sending JSON data.

Easily retrieve this command using Warp’s AI Command Search

If you’re using Warp as your terminal, you can easily retrieve this command using the Warp AI Command Search feature:

‍

Entering curl follow redirect in the AI Command Search will prompt a curl command that can then quickly be inserted into your shell by doing CMD+ENTER.

Following multiple redirects with curl

When using -L, curl will follow up to 50 sequential redirects by default.

Extend the maximum allowed curl redirects

A poorly configured server has the potential to cause curl to get stuck in an infinite loop by sending back a response that redirects to the same URL. To avoid this, you can use the --max-redirs flag to limit the number of redirects curl follows:

$ curl -L --max-redirs 5 <url>

Print curl redirects to the terminal

If you want to also print the redirects, you can do so by logging the request and response headers while in the process of being redirected. Combine curl with the -v flag (short for --verbose) as follows:

$ curl -v -L <url>

Note that when curl follows an HTTP 301, 302, or 303 redirect, and the original request method is not a plain GET (e.g. it is a POST or PUT), the ensuing requests will automatically be converted into a GET, which means that the original body of the request will not be passed along.

curl and 301, 302, etc. redirects

In the context of following redirects, curl treats all redirect requests the same regardless of 3XX status code.

An HTTP 301 redirect indicates that the requested resource has been permanently moved to the URL specified in the Location header of the response. This redirect is often used when a website or API is redesigned or restructured, and some of its URLs have changed.

An HTTP 302 redirect, on the other hand, indicates that the requested resource has been temporarily moved to the URL specified in the Location header of the response. This redirect is often used when a website or API is undergoing short-term changes, such as maintenance operations.

Despite these differences, curl invoked with -L will simply carry on to make the ensuing request.

Avoiding common pitfalls

Verifying a broken redirect chain

curl may sometimes fail to follow a redirect sent by a server due to a broken or invalid URL. To verify that the redirect target is valid and accessible, you can use the -I (capital “i”) flag to only fetch the HTTP headers without including the content.

$ curl -I <url>

Forwarding credentials to another host

When performing an authentication with curl, the provided credentials will not be forwarded alongside the request if a redirect takes curl to a different host than the initial one. To bypass this behavior, you can use the --location-trusted flag as follows:

$ curl --location-trusted -u user:password <url>

Note that you should be particularly careful when using this flag as it may introduce a security breach if the redirect forwards your credentials to an untrusted or malicious host.