Redirects broken from update

so i upgraded from 3.8.1 to 3.10.0
now all my redirects are broken…
did i miss the memo? some methods get deprecated or something?

in my auth middleware i check is user logged in and if not do this which used to work…

return $response->withStatus(403)->withHeader(‘Location’, ‘/login/’);

all i get now is a blank screen

$response = $response->withStatus(403)->withHeader(‘Location’, ‘/login/’);
return $response;

if i do that i get foo on the screen so there is no redirect happening i think?
anyone know whats going on? what im doing wrong?

i have no code changes aside from updating dependencies

so if i rename the vendor directory and put the old one back in it works again…
if i put it back then request /logout i get the same behavior with a redirect initiated from within a controller

Ok i figured it out.

its 3.9.0 that has the code change this is what does it:

in case there is anyone else out there who runs into the same issue

it seems if i do this it works:

return $response->withRedirect(’/login/’);

but supplying any code makes it fail

return $response->withRedirect(’/login/’, 403); //200, 201, 400, 401,402,403

can anyone enlighten me as to whats happening here?

@rryyyk You can read the discussion on that change here:

haha sorry… unlucky for me i read almost to the end of that and didnt see the last comment with the link to the same question as mine before i wanted to go off and look in the code

seems a bit weird you can call a helper method called withRedirect with a parameter set that results in no redirection, though if its up to the browser to follow then i guess there isnt much to be done

is there somewhere in the release notes backwards incompatible changes are listed? im a little concerned of what else might be affected?

if i look at the release for 3.9
and click the issue there isnt any mention of backwards compatibility

am i looking in the wrong place

I believe it wasn’t considered a BC break, but rather a bug. Browsers will only follow the location header if the status code is 3xx. When using withRedirect it is assumed that you care more about the redirect than the status code.