Rails 3.2.17 Runtime Error Redirection Forbidden facebook

I have this code I use to get avatars from Facebook...

if auth.info.image.present?
      user.update_attribute(:avatar, URI.parse(auth.info.image))

When I try to load the code now I get this error:

A RuntimeError occurred in authentications#create:

  redirection forbidden: http://graph.facebook.com/672086173/picture?type=square -> https://fbcdn-profile-a.akamaihd.net/hprofile-ak-prn2/t5.0-1/1086349_672086173_156380036_q.jpg
  /home/ubuntu/.rvm/rubies/ruby-2.1.0/lib/ruby/2.1.0/open-uri.rb:223:in `open_loop'

I understand that this is a problem with Open-URI not allowing HTTP to HTTPS redirections... and I understand that this can be solved with Open-Uri-Redirections plugin https://github.com/jaimeiniesta/open_uri_redirections

But there are two things I don't understand:

  1. This was working just fine YESTERDAY... and I've changed nothing. So why, suddenly, can Paperclip not get the correct URL?
  2. The instructions for Open-Uri-redirections give the following example:

    open('http://github.com', :allow_redirections => :safe)

How would I reconcile this with my code above?



If you are using omniauth-facebook please follow deivid's answer.

Another way to solve this issue is to replace http with https. In that way it will redirect from https to https and you won't get a redirection forbidden error.


> url = auth.info.image
=> "http://graph.facebook.com/672086173/picture?type=square"

> avatar_url =url.gsub("­http","htt­ps")
=> "https://graph.facebook.com/672086173/picture?type=square"

I had the exact same problem. I solve it with following steps

First in your gemfile add

gem 'open_uri_redirections'

and run bundle install to install the gem

And then in your model


  def process_uri(uri)
    require 'open-uri'
    require 'open_uri_redirections'
    open(uri, :allow_redirections => :safe) do |r|

Now process the avatar url with the method like

if auth.info.image.present?
   avatar_url = process_uri(auth.info.image)
   user.update_attribute(:avatar, URI.parse(avatar_url))

Hope this helps anyone else that may be having this issue.

I actually think the cleanest way of handling this is directly requesting the avatar through https. To do that, just use


instead of


If you're using omniauth-facebook, you'll need to specify secure_image_url: true in your omniauth initializer to generate that url. Like so:

config.omniauth :facebook, "XXXX", "XXXX",
                           image_size: { width: 500, height: 500 },
                           secure_image_url: true

Your omniauth initializer should be in your config/initializers directory, probably called omniauth.rb or devise.rb if you're using it together with devise.

open_uri_redirections was not working for me. I could get it working by changing the original facebook image url to https from http. That way the redirect to the akamai CDN on https is not a http -> https redirect, but a https - https redirect.

in your example

user.update_attribute(:avatar, URI.parse(auth.info.image))

would become

uri = URI.parse(auth.info.image)
uri.scheme = 'https'
user.update_attribute(:avatar, URI.parse(uri))

I was with the same error. Yesterday it was working. So, i've used the following solution without gem:

url = URI.parse('<YOUR FACEBOOK URL>')

h = Net::HTTP.new url.host, url.port
h.use_ssl = url.scheme == 'https'

head = h.start do |u|
  u.head url.path

new_url = head['location']

I hope it can help you.

FWIW, @deep's solution wasn't quite working for me, although it did bring me significantly closer.

I ended up doing this:

    def process_uri(uri)
        require 'open-uri'
        require 'open_uri_redirections'
        open(uri, :allow_redirections => :safe) do |r|

And then:

avatar_url = process_uri(auth[:info][:image])
new_user.update_attribute(:remote_avatar_url, avatar_url)

Need Your Help

Haskell: Functions that sometimes return a function

haskell types functional-programming

How do you write a function that can either return a value or another function?

iOS Private API Documentation

iphone api ios4 documentation iphone-privateapi

Is there a web site or project documenting private APIs for the iPhone SDK?