
header("Location: takes me to a page that says 404 but if I copy the url in a new tab, it opens

I'm doing

$returnpath = $_POST['returnpath'];
header("Location: $returnpath");

$returnpath is "/blogs/write"

It goes ahead and loads http://my.domain/blogs/write

It gives the Apache 404 not found page. I hit Ctrl-r or click the refresh button in Google Chrome, and the page is still 404.

If I copy the full url and paste it in a new tab, the page shows! Also if I put my pointer in the url bar of that page with a 404 and hit enter, the page loads!


Check your Apache logs to see what page is trying to be retrieved when you get the 404 error when you try your redirect. Then you'll know for certain if it is a url encoding issue, typo or other problem.

Also, please do some sanity checking of the $_POST['returnpath'] value before you dump it into a header directive. Otherwise you'll wind up with an obvious open redirect vulnerability.

http://www.owasp.org/index.php/Open_redirect
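
One way to do the sanity check suggested in the answer above, as an added example that is not part of the original answers: it accepts only a local path with a single leading slash and falls back to a default otherwise. The function name `safe_return_path`, the default of `/` and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not code from the original post.
// Returns a same-site path that is safe to place in a Location header,
// or $default when the submitted value is not a plain local path.
function safe_return_path($candidate, string $default = '/'): string
{
    if (!is_string($candidate) || $candidate === '') {
        return $default;
    }
    // Control characters (CR, LF, NUL, tab, ...) have no place in a header value.
    if (preg_match('/[\x00-\x1F\x7F]/', $candidate)) {
        return $default;
    }
    // Require exactly one leading slash. "//host" is scheme-relative, and
    // browsers treat a backslash like a slash, so reject backslashes anywhere.
    if ($candidate[0] !== '/'
        || strpos($candidate, '//') === 0
        || strpos($candidate, '\\') !== false) {
        return $default;
    }
    // parse_url() must not find a scheme or host in the value.
    $parts = parse_url($candidate);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $default;
    }
    return $candidate;
}

// Constructed sample values, as they might arrive in $_POST['returnpath'].
$samples = [
    '/blogs/write',                   // the value from the question: kept
    'http://other.example/',          // absolute URL: replaced by default
    '//other.example/x',              // scheme-relative URL: replaced
    '/\\other.example',               // backslash variant: replaced
    "/blogs\r\nSet-Cookie: a=b",      // header injection attempt: replaced
    'blogs/write',                    // no leading slash: replaced
];
foreach ($samples as $s) {
    printf("%-34s => %s\n", json_encode($s, JSON_UNESCAPED_SLASHES), safe_return_path($s));
}

// In the handler from the question, the redirect would then read:
// header('Location: ' . safe_return_path($_POST['returnpath'] ?? null));
// exit;
```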


Whenever you write the header() function, by default, PHP tries to load the full URL mentioned in its argument. So if you write the code:

<?php
header("Location: relative_uri");
exit();
?>

then PHP will load a page whose URL will be "relative_uri" & not "http://example.com/relative_uri", where "example.com" is your domain name.

So please try to write the full Absolute URL in the argument of the "header()" function.

Hope it helps.
