fix: throw TypeError for invalid url in res.redirect

theaniketgiri · theaniketgiri · commit e6f1b1fd0832 · 2025-12-03T23:02:24.000+05:30
Fixes #6941 Previously, res.redirect(undefined) would send an invalid Location: undefined header. This change throws a TypeError when the url argument is undefined or not a string, aligning with the behavior of other Express methods like res.sendFile. Changes: - Throw TypeError when url is undefined - Throw TypeError when url is not a string - Add comprehensive tests for invalid url handling
diff --git a/lib/response.js b/lib/response.js
@@ -827,12 +827,13 @@ res.redirect = function redirect(url) {
     address = arguments[1]
   }
 
-  if (!address) {
-    deprecate('Provide a url argument');
+  // Validate URL argument
+  if (address === undefined) {
+    throw new TypeError('url argument is required to res.redirect');
   }
 
   if (typeof address !== 'string') {
-    deprecate('Url must be a string');
+    throw new TypeError('url argument must be a string to res.redirect');
   }
 
   if (typeof status !== 'number') {
diff --git a/test/res.redirect.issue-6941.js b/test/res.redirect.issue-6941.js
@@ -0,0 +1,206 @@
+'use strict'
+
+var express = require('..');
+var request = require('supertest');
+
+describe('res.redirect - Issue #6941', function () {
+  describe('when url is undefined', function () {
+    it('should throw a TypeError', function (done) {
+      var app = express();
+
+      app.use(function (req, res) {
+        res.redirect(undefined);
+      });
+
+      app.use(function (err, req, res, next) {
+        res.status(500).json({
+          error: err.message,
+          type: err.name
+        });
+      });
+
+      request(app)
+        .get('/')
+        .expect(500)
+        .expect(function (res) {
+          if (res.body.type !== 'TypeError') {
+            throw new Error('Expected TypeError, got ' + res.body.type);
+          }
+          if (res.body.error !== 'url argument is required to res.redirect') {
+            throw new Error('Unexpected error message: ' + res.body.error);
+          }
+        })
+        .end(done);
+    });
+
+    it('should not send Location: undefined header', function (done) {
+      var app = express();
+
+      app.use(function (req, res) {
+        res.redirect(undefined);
+      });
+
+      app.use(function (err, req, res, next) {
+        res.status(500).send('error');
+      });
+
+      request(app)
+        .get('/')
+        .expect(500)
+        .expect(function (res) {
+          if (res.headers.location === 'undefined') {
+            throw new Error('Location header should not be "undefined"');
+          }
+        })
+        .end(done);
+    });
+  });
+
+  describe('when url is not a string', function () {
+    it('should throw a TypeError for null', function (done) {
+      var app = express();
+
+      app.use(function (req, res) {
+        res.redirect(null);
+      });
+
+      app.use(function (err, req, res, next) {
+        res.status(500).json({
+          error: err.message,
+          type: err.name
+        });
+      });
+
+      request(app)
+        .get('/')
+        .expect(500)
+        .expect(function (res) {
+          if (res.body.type !== 'TypeError') {
+            throw new Error('Expected TypeError, got ' + res.body.type);
+          }
+        })
+        .end(done);
+    });
+
+    it('should throw a TypeError for number (when single argument)', function (done) {
+      var app = express();
+
+      app.use(function (req, res) {
+        res.redirect(123);
+      });
+
+      app.use(function (err, req, res, next) {
+        res.status(500).json({
+          error: err.message,
+          type: err.name
+        });
+      });
+
+      request(app)
+        .get('/')
+        .expect(500)
+        .expect(function (res) {
+          if (res.body.type !== 'TypeError') {
+            throw new Error('Expected TypeError, got ' + res.body.type);
+          }
+        })
+        .end(done);
+    });
+
+    it('should throw a TypeError for object', function (done) {
+      var app = express();
+
+      app.use(function (req, res) {
+        res.redirect({ url: '/home' });
+      });
+
+      app.use(function (err, req, res, next) {
+        res.status(500).json({
+          error: err.message,
+          type: err.name
+        });
+      });
+
+      request(app)
+        .get('/')
+        .expect(500)
+        .expect(function (res) {
+          if (res.body.type !== 'TypeError') {
+            throw new Error('Expected TypeError, got ' + res.body.type);
+          }
+        })
+        .end(done);
+    });
+  });
+
+  describe('when status and url are provided', function () {
+    it('should throw a TypeError if url is undefined', function (done) {
+      var app = express();
+
+      app.use(function (req, res) {
+        res.redirect(301, undefined);
+      });
+
+      app.use(function (err, req, res, next) {
+        res.status(500).json({
+          error: err.message,
+          type: err.name
+        });
+      });
+
+      request(app)
+        .get('/')
+        .expect(500)
+        .expect(function (res) {
+          if (res.body.type !== 'TypeError') {
+            throw new Error('Expected TypeError, got ' + res.body.type);
+          }
+          if (res.body.error !== 'url argument is required to res.redirect') {
+            throw new Error('Unexpected error message: ' + res.body.error);
+          }
+        })
+        .end(done);
+    });
+
+    it('should work correctly with valid status and url', function (done) {
+      var app = express();
+
+      app.use(function (req, res) {
+        res.redirect(301, '/new-location');
+      });
+
+      request(app)
+        .get('/')
+        .expect('Location', '/new-location')
+        .expect(301, done);
+    });
+  });
+
+  describe('valid redirects should still work', function () {
+    it('should redirect with a string url', function (done) {
+      var app = express();
+
+      app.use(function (req, res) {
+        res.redirect('/home');
+      });
+
+      request(app)
+        .get('/')
+        .expect('Location', '/home')
+        .expect(302, done);
+    });
+
+    it('should redirect with empty string', function (done) {
+      var app = express();
+
+      app.use(function (req, res) {
+        res.redirect('');
+      });
+
+      request(app)
+        .get('/')
+        .expect('Location', '')
+        .expect(302, done);
+    });
+  });
+});

Original file line number	Diff line number	Diff line change
`@@ -827,12 +827,13 @@ res.redirect = function redirect(url) {`
`827`	`827`	`address = arguments[1]`
`828`	`828`	`}`
`829`	`829`
`830`		`- if (!address) {`
`831`		`- deprecate('Provide a url argument');`
	`830`	`+ // Validate URL argument`
	`831`	`+ if (address === undefined) {`
	`832`	`+ throw new TypeError('url argument is required to res.redirect');`
`832`	`833`	`}`
`833`	`834`
`834`	`835`	`if (typeof address !== 'string') {`
`835`		`- deprecate('Url must be a string');`
	`836`	`+ throw new TypeError('url argument must be a string to res.redirect');`
`836`	`837`	`}`
`837`	`838`
`838`	`839`	`if (typeof status !== 'number') {`