Do not run authentication if headers already sent

2025-12-06 11:17:08 +00:00 · 2020-10-12 19:41:00 +02:00
parent 7201c29df5
commit 5594b6863c
1 changed files with 6 additions and 0 deletions
--- a/lib/www/server/api/middleware/auth/authentify.js
+++ b/lib/www/server/api/middleware/auth/authentify.js
@@ -44,6 +44,12 @@ async function authorisedHost (req, res) {

 async function auth (req, res, next) {

+	if (res.headersSent) {
+		// Nothing to do, this request must have been
+		// handled already by another middleware.
+		return;
+	}
+
 	// Check for a valid JWT (already decoded by a previous
 	// middleware).
 	if (req.user) {