diff options
authorYorhel <>2017-12-26 13:26:48 +0100
committerYorhel <>2017-12-26 13:26:50 +0100
commit3f40da291c90553aa9ddc05f28afab1404d1aa75 (patch)
parent0297bc628344618eecf773fc2f65c44b5f531cff (diff)
TUWF::Response: Set relative Location in resRedirect()
This fixes redirects in the scenario where the reqBaseURI() is not correct, which may happen if there is a HTTPS-terminating proxy in between that TUWF is not aware if (i.e. reqProtocol() is wrong) or when the site is running on a non-standard port and this is not reflected in reqHost(). I've always found the absolute Location header a silly requirement, so I'm glad that RFC 7231 now allows a relative URI.
2 files changed, 4 insertions, 4 deletions
diff --git a/lib/TUWF/ b/lib/TUWF/
index aa78efb..34754e8 100644
--- a/lib/TUWF/
+++ b/lib/TUWF/
@@ -163,7 +163,7 @@ sub resStatus {
-# Redirect to an other page, accepts an URL (relative to current hostname) and
+# Redirect to an other page, accepts an URL (either relative or absolute) and
# an optional type consisting of 'temp' (temporary) or 'post' (after posting a form).
# No type argument means a permanent redirect.
sub resRedirect {
@@ -173,7 +173,7 @@ sub resRedirect {
my $fd = $self->resFd();
print $fd 'Redirecting...';
$self->resHeader('Content-Type' => 'text/plain');
- $self->resHeader('Location' => $self->reqBaseURI().$url);
+ $self->resHeader('Location' => $url);
$self->resStatus(!$type ? 301 : $type eq 'temp' ? 307 : 303);
diff --git a/lib/TUWF/Response.pod b/lib/TUWF/Response.pod
index 20d8261..fab404c 100644
--- a/lib/TUWF/Response.pod
+++ b/lib/TUWF/Response.pod
@@ -161,8 +161,8 @@ Gets or sets the numeric HTTP response status code.
=head2 resRedirect(location, type)
-Generate a HTTP redirect to I<location>, which should be a path relative to the
-domain, including leading a slash. If I<type> is not defined, a 301 (Moved
+Generate a HTTP redirect to I<location>, which should be an absolute URL or a
+path relative to the current domain. If I<type> is not defined, a 301 (Moved
Permanently) is used. If I<type> is 'temp', a 307 (Temporary Redirect) or if
I<type> is 'post' a 303 (See Other) status code is used. The latter is
recommended for use as response to a POST request, as it explicitely tells the