curl follows HTTP(S) redirects when asked to. curl also supports authentication. When a user and password are provided for a URL with a given hostname, curl makes an effort to not pass on those credentials to other hosts in redirects unless given permission with a special option.
Created curl tracking bugs for this issue:
Affects: fedora-all [bug 2079169]
Created mingw-curl tracking bugs for this issue:
Affects: fedora-all [bug 2079170]