From 3f40da291c90553aa9ddc05f28afab1404d1aa75 Mon Sep 17 00:00:00 2001 From: Yorhel Date: Tue, 26 Dec 2017 13:26:48 +0100 Subject: TUWF::Response: Set relative Location in resRedirect() This fixes redirects in the scenario where the reqBaseURI() is not correct, which may happen if there is a HTTPS-terminating proxy in between that TUWF is not aware if (i.e. reqProtocol() is wrong) or when the site is running on a non-standard port and this is not reflected in reqHost(). I've always found the absolute Location header a silly requirement, so I'm glad that RFC 7231 now allows a relative URI. --- lib/TUWF/Response.pm | 4 ++-- lib/TUWF/Response.pod | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/TUWF/Response.pm b/lib/TUWF/Response.pm index aa78efb..34754e8 100644 --- a/lib/TUWF/Response.pm +++ b/lib/TUWF/Response.pm @@ -163,7 +163,7 @@ sub resStatus { } -# Redirect to an other page, accepts an URL (relative to current hostname) and +# Redirect to an other page, accepts an URL (either relative or absolute) and # an optional type consisting of 'temp' (temporary) or 'post' (after posting a form). # No type argument means a permanent redirect. sub resRedirect { @@ -173,7 +173,7 @@ sub resRedirect { my $fd = $self->resFd(); print $fd 'Redirecting...'; $self->resHeader('Content-Type' => 'text/plain'); - $self->resHeader('Location' => $self->reqBaseURI().$url); + $self->resHeader('Location' => $url); $self->resStatus(!$type ? 301 : $type eq 'temp' ? 307 : 303); } diff --git a/lib/TUWF/Response.pod b/lib/TUWF/Response.pod index 20d8261..fab404c 100644 --- a/lib/TUWF/Response.pod +++ b/lib/TUWF/Response.pod @@ -161,8 +161,8 @@ Gets or sets the numeric HTTP response status code. =head2 resRedirect(location, type) -Generate a HTTP redirect to I, which should be a path relative to the -domain, including leading a slash. If I is not defined, a 301 (Moved +Generate a HTTP redirect to I, which should be an absolute URL or a +path relative to the current domain. If I is not defined, a 301 (Moved Permanently) is used. If I is 'temp', a 307 (Temporary Redirect) or if I is 'post' a 303 (See Other) status code is used. The latter is recommended for use as response to a POST request, as it explicitely tells the -- cgit v1.2.3