curl -L / --location: Follow Redirects
curl does not follow redirects by default, so a 302 just prints the redirect page.
Release assets, package mirrors, and CDNs almost always redirect. -L is what makes a download actually land on the file.
What it does
-L / --location tells curl to follow Location headers on 3xx responses until it reaches the final resource. By default curl does not follow redirects and just returns the 3xx body. --max-redirs limits how many hops it will make. For security, curl does not re-send the Authorization header to a different host unless you pass --location-trusted.
Common usage
curl -L -o app.zip https://github.com/owner/repo/releases/latest/download/app.zip
curl -fsSL https://example.com/install.sh | sh
curl -L --max-redirs 5 https://example.com/x
curl --location-trusted -H "Authorization: Bearer $T" https://internal/xFlags
| Flag | What it does |
|---|---|
| -L / --location | Follow 3xx redirects to the final URL |
| --max-redirs <n> | Cap the number of redirects (default 50) |
| --location-trusted | Re-send credentials to redirected hosts (use with care) |
| -f / --fail | Still fail if the final response is an error |
In CI
The classic install line curl -fsSL <url> | sh uses -L because the script URL redirects to a CDN. Keep --location-trusted off unless you control every host in the chain, since it forwards your token to wherever the redirect points.
Common errors in CI
Getting a tiny HTML body instead of your file usually means -L was missing and you captured the redirect page. curl: (47) Maximum (50) redirects followed indicates a redirect loop; investigate the URL or lower --max-redirs to fail faster.