
What would be allowed after SSL? By default, does curl allow redirects to http:// via -L?

If so.. that's kinda sketchy from a security perspective. Especially because the flag you've shown is very unwieldy.



curl will not follow any redirects without -L, including from http to https.

But -L is very useful, so being able to prevent downgrades has useful functionality to help restrict it.


This has nothing to do with what I'm attempting to discuss.



