From 5594b6863c992ba56667db47cef06a0dd196fc75 Mon Sep 17 00:00:00 2001
From: "D. Berge" <dberge@aaltronav.eu>
Date: Mon, 12 Oct 2020 19:41:00 +0200
Subject: [PATCH] Do not run authentication if headers already sent

---
 lib/www/server/api/middleware/auth/authentify.js | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/www/server/api/middleware/auth/authentify.js b/lib/www/server/api/middleware/auth/authentify.js
index d255376..383912d 100644
--- a/lib/www/server/api/middleware/auth/authentify.js
+++ b/lib/www/server/api/middleware/auth/authentify.js
@@ -44,6 +44,12 @@ async function authorisedHost (req, res) {
 
 async function auth (req, res, next) {
 
+	if (res.headersSent) {
+		// Nothing to do, this request must have been
+		// handled already by another middleware.
+		return;
+	}
+
 	// Check for a valid JWT (already decoded by a previous
 	// middleware).
 	if (req.user) {