How to follow a 3xx response's `Location` header to the final destination, and conversely how to observe redirects without following them.
How to follow a 3xx response's `Location` header to the final destination, and conversely how to observe redirects without following them.
# follow up to 10 redirects and show the final response:
curl -L --max-redirs 10 https://example.com/old-path
# see the redirect chain without following bodies:
curl -sIL https://example.com/old-path// fetch follows redirects by default (redirect: 'follow').
const res = await fetch('https://example.com/old-path');
console.log(res.redirected, res.url); // true, final URL
// to inspect instead of follow:
const raw = await fetch('https://example.com/old-path', { redirect: 'manual' });import requests
res = requests.get('https://example.com/old-path') # follows by default
print(res.url) # final URL
print([r.status_code for r in res.history]) # the redirect chain
# disable: requests.get(url, allow_redirects=False)curl does not follow redirects by default, so pass `-L`, and cap the count with `--max-redirs` to avoid loops. `fetch` and `requests` follow by default, so to inspect the redirect itself turn it off with `redirect: 'manual'` or `allow_redirects=False`.
Method-preservation rules differ by code. 301/302/303 often turn a POST into a GET, whereas 307/308 preserve the original method and body. So the outcome of redirecting a POST depends heavily on which code you get.
Mind security when following. On a cross-origin hop, curl drops the `Authorization` header by default. An HTTP→HTTPS upgrade redirect is safe, but blindly following a `Location` from an untrusted server risks SSRF and credential leakage.