update tests to use relative redirects

CHANGES.rst

@@ -52,6 +52,9 @@ Unreleased
     :issue:`4095, 4295, 4297`
 -   Fix typing for ``__exit__`` methods for better compatibility with
     ``ExitStack``. :issue:`4474`
+-   From Werkzeug, for redirect responses the ``Location`` header URL
+    will remain relative, and exclude the scheme and domain, by default.
+    :pr:`4496`
 
 
 Version 2.0.3

docs/tutorial/tests.rst

@@ -266,7 +266,7 @@ messages.
         response = client.post(
             '/auth/register', data={'username': 'a', 'password': 'a'}
         )
-        assert 'http://localhost/auth/login' == response.headers['Location']
+        assert response.headers["Location"] == "/auth/login"
 
         with app.app_context():
             assert get_db().execute(
@@ -319,7 +319,7 @@ The tests for the ``login`` view are very similar to those for
     def test_login(client, auth):
         assert client.get('/auth/login').status_code == 200
         response = auth.login()
-        assert response.headers['Location'] == 'http://localhost/'
+        assert response.headers["Location"] == "/"
 
         with client:
             client.get('/')
@@ -404,7 +404,7 @@ is returned. If a ``post`` with the given ``id`` doesn't exist,
     ))
     def test_login_required(client, path):
         response = client.post(path)
-        assert response.headers['Location'] == 'http://localhost/auth/login'
+        assert response.headers["Location"] == "/auth/login"
 
 
     def test_author_required(app, client, auth):
@@ -479,7 +479,7 @@ no longer exist in the database.
     def test_delete(client, auth, app):
         auth.login()
         response = client.post('/1/delete')
-        assert response.headers['Location'] == 'http://localhost/'
+        assert response.headers["Location"] == "/"
 
         with app.app_context():
             db = get_db()

examples/tutorial/tests/test_auth.py

@@ -11,7 +11,7 @@ def test_register(client, app):
 
     # test that successful registration redirects to the login page
     response = client.post("/auth/register", data={"username": "a", "password": "a"})
-    assert "http://localhost/auth/login" == response.headers["Location"]
+    assert response.headers["Location"] == "/auth/login"
 
     # test that the user was inserted into the database
     with app.app_context():
@@ -42,7 +42,7 @@ def test_login(client, auth):
 
     # test that successful login redirects to the index page
     response = auth.login()
-    assert response.headers["Location"] == "http://localhost/"
+    assert response.headers["Location"] == "/"
 
     # login request set the user_id in the session
     # check that the user is loaded from the session

examples/tutorial/tests/test_blog.py

@@ -19,7 +19,7 @@ def test_index(client, auth):
 @pytest.mark.parametrize("path", ("/create", "/1/update", "/1/delete"))
 def test_login_required(client, path):
     response = client.post(path)
-    assert response.headers["Location"] == "http://localhost/auth/login"
+    assert response.headers["Location"] == "/auth/login"
 
 
 def test_author_required(app, client, auth):
@@ -75,7 +75,7 @@ def test_create_update_validate(client, auth, path):
 def test_delete(client, auth, app):
     auth.login()
     response = client.post("/1/delete")
-    assert response.headers["Location"] == "http://localhost/"
+    assert response.headers["Location"] == "/"
 
     with app.app_context():
         db = get_db()

src/flask/wrappers.py

@@ -155,6 +155,8 @@ class Response(ResponseBase):
 
     json_module = json
 
+    autocorrect_location_header = False
+
     @property
     def max_cookie_size(self) -> int:  # type: ignore
         """Read-only view of the :data:`MAX_COOKIE_SIZE` config key.

tests/test_regression.py

@@ -19,6 +19,12 @@ def test():
 
     with app.test_client() as c:
         rv = c.get("/")
-        assert rv.headers["Location"] == "http://localhost/test"
+        location_parts = rv.headers["Location"].rpartition("/")
+
+        if location_parts[0]:
+            # For older Werkzeug that used absolute redirects.
+            assert location_parts[0] == "http://localhost"
+
+        assert location_parts[2] == "test"
         rv = c.get("/test")
         assert rv.data == b"42"