
check if given redirect status is valid

Kevin Pfeifer 3 years ago
parent
commit
f26de9dcf5
2 changed files with 14 additions and 3 deletions
  1. 6 2
      src/Controller/Controller.php
  2. 8 1
      tests/TestCase/Controller/ControllerTest.php

+ 6 - 2
src/Controller/Controller.php

@@ -684,10 +684,14 @@ class Controller implements EventListenerInterface, EventDispatcherInterface
     {
         $this->autoRender = false;
 
-        if ($status) {
-            $this->response = $this->response->withStatus($status);
+        if ($status < 300 || $status > 399) {
+            throw new InvalidArgumentException(
+                sprintf('Invalid status code `%s`. It should be within the range ' .
+                    '`300` - `399` for redirect responses.', $status)
+            );
         }
 
+        $this->response = $this->response->withStatus($status);
         $event = $this->dispatchEvent('Controller.beforeRedirect', [$url, $this->response]);
         if ($event->getResult() instanceof Response) {
             return $this->response = $event->getResult();
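Review bot: A falsy `$status` (`0`, or `null` if the parameter type allows it; the signature is outside this hunk) used to skip `withStatus()` and leave the response's current status untouched, but the new guard `if ($status < 300 || $status > 399)` now throws for those callers, a behaviour change the commit title does not mention. If the stricter contract is intended, the method docblock above the hunk should gain `@throws \InvalidArgumentException If $status is outside 300-399.` so callers know to handle it. The guard also runs after `$this->autoRender = false;`, so a rejected call leaves the controller with auto-rendering switched off; moving the check to the first statement of the method would keep a failed call free of side effects. `redirect()` starts and ends outside the hunk.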

+ 8 - 1
tests/TestCase/Controller/ControllerTest.php

@@ -498,7 +498,6 @@ class ControllerTest extends TestCase
             [304, 'Not Modified'],
             [305, 'Use Proxy'],
             [307, 'Temporary Redirect'],
-            [403, 'Forbidden'],
         ];
     }
 
@@ -568,6 +567,14 @@ class ControllerTest extends TestCase
         $this->assertSame($newResponse, $Controller->getResponse());
     }
 
+    public function testRedirectWithInvalidStatusCode(): void
+    {
+        $Controller = new Controller();
+        $uri = new Uri('/foo/bar');
+        $this->expectException(\InvalidArgumentException::class);
+        $Controller->redirect($uri, 200);
+    }
+
     /**
      * testReferer method
      */
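Review bot: Only `200` is exercised in `testRedirectWithInvalidStatusCode()`, so neither edge of the new range check is pinned; a data provider yielding `299` and `400` (plus `0`, which the previous code accepted silently) would catch an off-by-one in the comparison. The test also does not assert the message, so it would pass on any other InvalidArgumentException raised inside `redirect()`; adding `$this->expectExceptionMessage('Invalid status code');` before the call narrows it to the new guard. The new method has no docblock while its neighbours do; a one-line `/** Redirect must reject status codes outside the 3xx range. */` would match the file's style.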