Because it assumes it's insecure. That's quite annoying and should be configurable.



def OpenURI.redirectable?(uri1, uri2)
    true
end

This monkey-patch fixes the issue and remove the check.

A bug exists for the stdlib http://bugs.ruby-lang.org/issues/859 but fixes just the other way round.