From f636741bf8d1184425d1eae914e3ade2eba2b087 Mon Sep 17 00:00:00 2001
From: Sebastian Beltran <bjohansebas@gmail.com>
Date: Tue, 18 Mar 2025 09:21:25 -0500
Subject: [PATCH 1/2] feat(res.redirect): add validation for url and status
 arguments

---
 lib/response.js      | 12 ++++++++++++
 test/res.redirect.js | 36 ++++++++++++++++++++++++++++++++++++
 2 files changed, 48 insertions(+)

diff --git a/lib/response.js b/lib/response.js
index 9362d0ed5dd..24c0c9c7993 100644
--- a/lib/response.js
+++ b/lib/response.js
@@ -825,6 +825,18 @@ res.redirect = function redirect(url) {
     address = arguments[1]
   }
 
+  if (!address) {
+    throw new TypeError('url argument is required to res.redirect');
+  }
+
+  if (typeof address !== 'string') {
+    throw new TypeError('res.redirect: url must be a string');
+  }
+
+  if (typeof status !== 'number') {
+    throw new TypeError('res.redirect: status must be a number');
+  }
+
   // Set location header
   address = this.location(address).get('Location');
 
diff --git a/test/res.redirect.js b/test/res.redirect.js
index 264e0f2b8f3..045ead64f31 100644
--- a/test/res.redirect.js
+++ b/test/res.redirect.js
@@ -19,6 +19,42 @@ describe('res', function(){
       .expect(302, done)
     })
 
+    it('should trown an error if the url is missing', function(done){
+      var app = express();
+
+      app.use(function (req, res) {
+        res.redirect(undefined)
+      })
+
+      request(app)
+      .get('/')
+      .expect(500, /url argument is required to res.redirect/, done)
+    })
+
+    it('should trown an error if the url is not a string', function(done){
+      var app = express();
+
+      app.use(function (req, res) {
+        res.redirect(['http://google.com'])
+      })
+
+      request(app)
+      .get('/')
+      .expect(500, /res.redirect: url must be a string/, done)
+    })
+
+    it('should trown an error if the status is not a number', function(done){
+      var app = express();
+
+      app.use(function (req, res) {
+        res.redirect("300", 'http://google.com')
+      })
+
+      request(app)
+      .get('/')
+      .expect(500, /res.redirect: status must be a number/, done)
+    })
+
     it('should encode "url"', function (done) {
       var app = express()
 

From 3981e29545173dbbd0fd67db8058272e6bbca120 Mon Sep 17 00:00:00 2001
From: Sebastian Beltran <bjohansebas@gmail.com>
Date: Tue, 18 Mar 2025 09:26:05 -0500
Subject: [PATCH 2/2] fix(tests): correct spelling of 'throw' in error messages

---
 test/res.redirect.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/test/res.redirect.js b/test/res.redirect.js
index 045ead64f31..3295706dc99 100644
--- a/test/res.redirect.js
+++ b/test/res.redirect.js
@@ -19,7 +19,7 @@ describe('res', function(){
       .expect(302, done)
     })
 
-    it('should trown an error if the url is missing', function(done){
+    it('should throw an error if the url is missing', function(done){
       var app = express();
 
       app.use(function (req, res) {
@@ -31,7 +31,7 @@ describe('res', function(){
       .expect(500, /url argument is required to res.redirect/, done)
     })
 
-    it('should trown an error if the url is not a string', function(done){
+    it('should throw an error if the url is not a string', function(done){
       var app = express();
 
       app.use(function (req, res) {
@@ -43,7 +43,7 @@ describe('res', function(){
       .expect(500, /res.redirect: url must be a string/, done)
     })
 
-    it('should trown an error if the status is not a number', function(done){
+    it('should throw an error if the status is not a number', function(done){
       var app = express();
 
       app.use(function (req, res) {