2011/2/18 Xavier Del Castillo <xdelcastillo / archlinux.us>:

>    # However this is ad hoc.  It should be extensible/configurable.
>
> This mentions that "https to http" redirects are forbidden intentionally,
> but redirections from "http to https" are also blocked.
>
> Is there a way to override this security check? currently I had to change
> the
> following line in the library to allow "http to https" re-directions:
>
> (/\A(?:http|ftp)\z/i =~ uri1.scheme && /\A(?:http|ftp)\z/i =~ uri2.scheme)

Currently it is not configurable (as the comment says) except monkey patching.

Maybe open-uri should have some hooks.
-- 
Tanaka Akira