X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits%2FCatalyst-Runtime.git;a=blobdiff_plain;f=lib%2FCatalyst%2FResponse.pm;h=35432a058b9630f6b36c3b2782de8d381beda134;hp=a3b65af161a4385695217d0a05738e552c9ddb91;hb=refs%2Fheads%2Fredirection-security;hpb=4f4d49e26b12f675f4804cc4d7abc6339325554a
diff --git a/lib/Catalyst/Response.pm b/lib/Catalyst/Response.pm
index a3b65af..35432a0 100644
--- a/lib/Catalyst/Response.pm
+++ b/lib/Catalyst/Response.pm
@@ -282,8 +282,8 @@ sub redirect {
 my $location = shift;
 my $status = shift || 302;
+ $self->location($location);
 $self->status($status);
- $self->location($location); # overwrites status if invalid
 }
@@ -300,9 +300,7 @@ around '_set_location' => sub {
 if ( $location =~ m/[\n\r]/ ) { # check for header injection
- $self->status(400); # bad request
-
- # TODO: warn about this or fail
+ die "blocking header injection";
 } else {
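Review bot: The reordered calls in `redirect` drop the only comment that explained why the order matters, and the new order has its own reason that should be stated next to `$self->location($location);`. If the location writer is the `_set_location` wrapper changed in the second hunk (it looks that way, but the attribute definition is outside this diff), it now throws on CR/LF, so setting the location first leaves the status untouched for a rejected URL. I would add `# set location first: it dies on CR/LF, so a rejected URL never changes the status`. The body of `redirect` starts and ends outside the hunk.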
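Review bot: The new `die "blocking header injection";` in the `_set_location` wrapper throws a plain string, so a caller cannot tell a rejected redirect target from any other failure, and the 400 status the old branch set is gone. Unless something upstream catches it, this presumably reaches the client as a generic server error rather than a bad-request response; confirm that is intended. Since this is library code, `Carp::croak("Location header contains CR or LF; refusing to set it")` would report the calling line instead of Response.pm (Carp would need to be loaded in this file, which the hunk does not show). The check also only covers values that go through this setter; a Location set directly on the headers object would presumably not pass through it. The wrapper's body starts and ends outside the hunk.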