How to solve PHP cURL Warning: curl_set_opt_array(): CURLOPT_FOLLOWLOCATION cannot be activated when an open_basedir is set


cURL is a library that lets you make HTTP requests in PHP. The curl_exec command in PHP is a bridge to use curl from console. curl_exec makes it easy to quickly and easily do GET/POST requests, receive responses from other servers like JSON and download files.

In some development environments, the execution of the following code will throw the mentioned due to the usage of CURLOPT_FOLLOWLOCATION:

<?php 

$ch = curl_init(); 
curl_setopt( $ch, CURLOPT_URL, "http://someweb.com/some-api.json"); // URL to post 
curl_setopt ($ch, CURLOPT_POST, 1);
curl_setopt ($ch, CURLOPT_POSTFIELDS, "username=Batman&password=DoYouWantToKnowMySecretIdentity");
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);// 1 or TRUE
// Execute
$result = curl_exec( $ch ); 
curl_close($ch);
// Show "response"
echo "Reply Response: " . $result; 

In this article you'll learn why this happens and how to solve it.

Why this happens

This error happens when your PHP configuration disallow you from following a location.

Thanks captain obvious

Possible solutions

As in every environment and cases, not all of the listed options will work for you:

1. Set the CURLOPT_FOLLOWLOCATION to false

The CURLOPT_FOLLOWLOCATION option indicates wheter if cURL should follow HTTP 3xx redirects or not. When you request a URL, you can sometimes be redirected to some other URL, for example in PHP you can redirect using:

header('Location: http://example.com/');

By default, this option is disabled and normally, there's no good reason to disable it, however if you know what you're doing and you're pretty sure that your request will be never redirected, then you can simply disable the option:

curl_setopt($ch, CURLOPT_FOLLOWLOCATION, FALSE);

2. Disable safe mode of PHP

Safe mode is an attempt to solve some of the problems that are introduced when running a PHP enabled web server in a shared hosting environment. The additional security checks imposed by Safe Mode are, however, performed at the PHP level, since the underlying web server and operating system security architecture is usually not sufficient to impose the necessary security restrictions for a multi-user environment, in which many users may be able to upload and execute PHP code.

Enabling Safe Mode imposes several restrictions on PHP scripts, these restrictions are mostly concerned with file access, access to environment variables and controlling the execution of external processes. These restrictions affects cURL when the FOLLOWLOCATION options is enabled, therefore in case you can't disable that option in cURL, in order to make your script work, you'll need to disable the safe mode by modifying your php.ini file.

Use any code or text editor and edit your php.ini file and search for the safe_mode option and set Off as value, as it probably already with On.

Disable safe mode PHP

Restart apache and try again to execute your script. Alternatively, if you can't modify the php.ini file in your environment, you can try to set this property dinamically with PHP in your script using:

ini_set('safe_mode', false);

Although the second way it's unlikely to work for most of the developers, it's worth a try.

3. Set open_basedir to none

The open_basedir function defines the locations or paths from which PHP is allowed to access files using functions like fopen() and gzopen(). If a file is outside of the paths defined by open_basedir, PHP will refuse to open it. You cannot use a symbolic link as a workaround, because the path that the symbolic link resolves to falls under the restrictions of the open_basedir function.

To disable the open_basedir option we just need to comment it in the php.ini file. Open a code or text editor and edit the php.ini file, search the open_basedir option and comment by prefixing it with ;:

; open_basedir, if set, limits all file operations to the defined directory
; and below.  This directive makes most sense if used in a per-directory
; or per-virtualhost web server configuration file.
; http://php.net/open-basedir
;open_basedir =

Save the changes, restart apache and try to execute your script again.

You can either, in your server if you use Plesk to modify the open_basedir from a GUI. Open plesk, navigate to your domain and open PHP Settings.

PHP Settings Plesk

Now proceed from the list, to search for open_basedir and select none from the list:

open_basedir Plesk

Save the changes and try to execute your script again.

Honorable mentions

If you use a library like Unirest and you get such an error, you can try the first option by setting the CURLOPT_FOLLOWLOCATION option to false without modifying the library source code using:

Unirest\Request::curlOpts(array(
    CURLOPT_FOLLOWLOCATION => false
));

Don't forget to share with the community which option did work for you, happy coding !

Become a more social person