Skip to content
Latchkey

curl -L / --location: Follow Redirects

curl does not follow redirects by default, so a 302 just prints the redirect page.

Release assets, package mirrors, and CDNs almost always redirect. -L is what makes a download actually land on the file.

What it does

-L / --location tells curl to follow Location headers on 3xx responses until it reaches the final resource. By default curl does not follow redirects and just returns the 3xx body. --max-redirs limits how many hops it will make. For security, curl does not re-send the Authorization header to a different host unless you pass --location-trusted.

Common usage

Terminal
curl -L -o app.zip https://github.com/owner/repo/releases/latest/download/app.zip
curl -fsSL https://example.com/install.sh | sh
curl -L --max-redirs 5 https://example.com/x
curl --location-trusted -H "Authorization: Bearer $T" https://internal/x

Flags

FlagWhat it does
-L / --locationFollow 3xx redirects to the final URL
--max-redirs <n>Cap the number of redirects (default 50)
--location-trustedRe-send credentials to redirected hosts (use with care)
-f / --failStill fail if the final response is an error

In CI

The classic install line curl -fsSL <url> | sh uses -L because the script URL redirects to a CDN. Keep --location-trusted off unless you control every host in the chain, since it forwards your token to wherever the redirect points.

Common errors in CI

Getting a tiny HTML body instead of your file usually means -L was missing and you captured the redirect page. curl: (47) Maximum (50) redirects followed indicates a redirect loop; investigate the URL or lower --max-redirs to fail faster.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →