See these lines; https://github.com/brunoos/luasec/blob/1ab6fac9197b194ea94166dff7ad81579f6113ed/src/https.lua#L122-L123

LuaSocket http module blocks redirects only if url.redirect is explicitly set to false. Hence the test here, allows nil to pass and makes LuaSocket execute the redirect.