Index: src/OFHTTPRequest.h
==================================================================
--- src/OFHTTPRequest.h
+++ src/OFHTTPRequest.h
@@ -35,17 +35,19 @@
 {
 	OFURL *URL;
 	of_http_request_type_t requestType;
 	OFString *queryString;
 	OFDictionary *headers;
+	BOOL redirectsFromHTTPSToHTTPAllowed;
 }
 
 #ifdef OF_HAVE_PROPERTIES
 @property (copy) OFURL *URL;
 @property (assign) of_http_request_type_t requestType;
 @property (copy) OFString *queryString;
 @property (copy) OFDictionary *headers;
+@property (assign) BOOL redirectsFromHTTPSToHTTPAllowed;
 #endif
 
 /**
  * \return A new, autoreleased OFHTTPRequest
  */
@@ -111,10 +113,22 @@
 /**
  * \return A dictionary with headers for the HTTP request.
  */
 - (OFDictionary*)headers;
 
+/**
+ * Sets whether redirects from HTTPS to HTTP are allowed.
+ *
+ * \param allowed Whether redirects from HTTPS to HTTP are allowed
+ */
+- (void)setRedirectsFromHTTPSToHTTPAllowed: (BOOL)allowed;
+
+/**
+ * \return Whether redirects from HTTPS to HTTP are allowed
+ */
+- (BOOL)redirectsFromHTTPSToHTTPAllowed;
+
 /**
  * Performs the HTTP request and returns an OFHTTPRequestResult.
  *
  * \return An OFHTTPRequestResult with the result of the HTTP request
  */

Index: src/OFHTTPRequest.m
==================================================================
--- src/OFHTTPRequest.m
+++ src/OFHTTPRequest.m
@@ -119,10 +119,20 @@
 
 - (OFDictionary*)headers
 {
 	OF_GETTER(headers, YES)
 }
+
+- (void)setRedirectsFromHTTPSToHTTPAllowed: (BOOL)allowed
+{
+	redirectsFromHTTPSToHTTPAllowed = allowed;
+}
+
+- (BOOL)redirectsFromHTTPSToHTTPAllowed
+{
+	return redirectsFromHTTPSToHTTPAllowed;
+}
 
 - (OFHTTPRequestResult*)perform
 {
 	return [self performWithRedirects: 10];
 }
@@ -255,13 +265,16 @@
 				tmp++;
 			} while (*tmp == ' ');
 
 			value = [OFString stringWithCString: tmp];
 
-			if (redirects > 0 && (status == 301 || status == 302 ||
+			if ((redirects > 0 && (status == 301 || status == 302 ||
 			    status == 303) && [key caseInsensitiveCompare:
-			    @"Location"] == OF_ORDERED_SAME) {
+			    @"Location"] == OF_ORDERED_SAME) &&
+			    (redirectsFromHTTPSToHTTPAllowed ||
+			    [scheme isEqual: @"http"] ||
+			    ![value hasPrefix: @"http://"])) {
 				OFURL *new;
 
 				new = [[OFURL alloc] initWithString: value
 						      relativeToURL: URL];
 				[URL release];

Index: src/OFString.m
==================================================================
--- src/OFString.m
+++ src/OFString.m
@@ -714,12 +714,11 @@
 						encoding: encoding];
 		[pool release];
 		return self;
 	}
 
-	req = [OFHTTPRequest request];
-	[req setURL: url];
+	req = [OFHTTPRequest requestWithURL: url];
 	res = [req perform];
 
 	if ([res statusCode] != 200)
 		@throw [OFHTTPRequestFailedException
 		    newWithClass: [req class]