From 2d52fa3c64544dc62d385bd19b72dad53a7748c2 Mon Sep 17 00:00:00 2001
From: Pieter Wigboldus
Date: Wed, 18 Feb 2026 16:42:48 +0100
Subject: [PATCH 1/3] Prevents setting headers multiple times

Ensures that response headers are not sent multiple times by checking if headers have already been sent before setting the status code or sending a JSON response. This prevents potential errors and unexpected behavior when dealing with response handling.
---
 src/handlers/not-found.js | 4 +++-
 src/handlers/request-validation.js | 4 +++-
 src/handlers/response-validation.js | 20 ++++++++++++++------
 src/handlers/unauthorized.js | 4 +++-
 4 files changed, 23 insertions(+), 9 deletions(-)
diff --git a/src/handlers/not-found.js b/src/handlers/not-found.js
index 0bda9e1..322a401 100644
--- a/src/handlers/not-found.js
+++ b/src/handlers/not-found.js
@@ -1,5 +1,7 @@
 export const notFound = (_context, request, response) => {
- response.status(404)
+ if (!response.headersSent) {
+ response.status(404)
+ }
 return {
 status: 404,
 timestamp: new Date(),
diff --git a/src/handlers/request-validation.js b/src/handlers/request-validation.js
index d5ececf..843a9fb 100644
--- a/src/handlers/request-validation.js
+++ b/src/handlers/request-validation.js
@@ -1,5 +1,7 @@
 export const requestValidation = (context, request, response) => {
- response.status(400)
+ if (!response.headersSent) {
+ response.status(400)
+ }
 return {
 errors: context.validation.errors,
 status: 400,
diff --git a/src/handlers/response-validation.js b/src/handlers/response-validation.js
index fe6c56b..940909d 100644
--- a/src/handlers/response-validation.js
+++ b/src/handlers/response-validation.js
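Review bot: When `response.headersSent` is true, `notFound` skips `response.status(404)` but still returns the body with `status: 404`, so the status on the wire and the status in the payload can disagree, and nothing records that it happened. The same guard is added to `requestValidation` (400) and `unauthorized` (401); for `unauthorized` it means an earlier step already committed a response before the 401 could be applied, which is worth surfacing rather than tolerating silently. I would put a comment on the guard such as `// headers already flushed: status cannot change, caller must not write the returned body`, and confirm what the caller does with the returned object, since that code is outside these hunks. Each handler's body continues past its hunk.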
@@ -1,4 +1,9 @@
 export default (logger, validateResponse) => (context, request, response) => {
+ // Prevent sending headers if they're already sent
+ if (response.headersSent) {
+ return undefined
+ }
+
 const responseDoesntNeedValidation = response.statusCode >= 400
 if (responseDoesntNeedValidation) {
 return response.json(context.response)
@@ -22,12 +27,15 @@ export default (logger, validateResponse) => (context, request, response) => {
 response: context.response
 })
 }
- return response.status(502).json({
- errors: valid.errors,
- status: 502,
- timestamp: new Date(),
- message: 'Bad response'
- })
+ if (!response.headersSent) {
+ return response.status(502).json({
+ errors: valid.errors,
+ status: 502,
+ timestamp: new Date(),
+ message: 'Bad response'
+ })
+ }
+ return undefined
 }
 if (!context.response) {
diff --git a/src/handlers/unauthorized.js b/src/handlers/unauthorized.js
index dbdcc29..4a64b16 100644
--- a/src/handlers/unauthorized.js
+++ b/src/handlers/unauthorized.js
@@ -1,5 +1,7 @@
 export const unauthorized = async (context, request, response) => {
- response.status(401)
+ if (!response.headersSent) {
+ response.status(401)
+ }
 return {
 status: 401,
 timestamp: new Date(),
From 3cf3812ef5a54fe2dec7d5e9e4d55c17e95ee6f2 Mon Sep 17 00:00:00 2001
From: Pieter Wigboldus
Date: Wed, 18 Feb 2026 17:05:38 +0100
Subject: [PATCH 2/3] Prevents further processing after headers are sent

Ensures that no further processing occurs after the response headers have already been sent, preventing potential errors. This change avoids attempting to modify headers or send additional data after the headers have been implicitly or explicitly sent.
---
 src/handlers/response-validation.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/handlers/response-validation.js b/src/handlers/response-validation.js
index 940909d..598d828 100644
--- a/src/handlers/response-validation.js
+++ b/src/handlers/response-validation.js
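Review bot: The early `return undefined` at the top of the handler skips `validateResponse` for every response whose headers are already sent, and it does so without any log entry, so a handler that writes to `response` directly bypasses the schema check unnoticed. Response validation acts as an output control, so the bypass should at least be observable: `logger` is in scope from the outer closure and could record a warning before the return, using whatever call shape the rest of the file uses (not visible in this hunk). The comment would also be more accurate as `// Headers already sent: response validation is skipped for this request`. The function body continues outside the hunk.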
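Review bot: The 502 body still sends `errors: valid.errors` to the client; validator errors describe the service's own response payload and may expose internal field names or values, depending on how `validateResponse` is configured (not visible here). Consider keeping those details in the server log and returning only `status`, `timestamp` and `message`. Separately, the new `if (!response.headersSent)` guard looks like it can never be false: the handler is a synchronous arrow function that already returns early on `headersSent` in the first hunk, so headers could only become sent in between if `validateResponse` or the logger writes to the response. The middle of the function lies outside this hunk, so that last point should be checked against the full file.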
@@ -1,7 +1,7 @@
 export default (logger, validateResponse) => (context, request, response) => {
 // Prevent sending headers if they're already sent
 if (response.headersSent) {
- return undefined
+ return response.end()
 }
 const responseDoesntNeedValidation = response.statusCode >= 400
@@ -35,7 +35,7 @@ export default (logger, validateResponse) => (context, request, response) => {
 message: 'Bad response'
 })
 }
- return undefined
+ return response.end()
 }
 if (!context.response) {
From e0ac0ac7bd139a272f41bf1fe884d1c0d58e8d73 Mon Sep 17 00:00:00 2001
From: Pieter Wigboldus
Date: Wed, 18 Feb 2026 17:21:10 +0100
Subject: [PATCH 3/3] Prevents further processing after headers sent

Avoids potential errors by ensuring that no further actions are taken after the headers have already been sent in the response, such as after a redirect. This prevents issues like attempting to modify or send the response multiple times.
---
 src/handlers/response-validation.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/handlers/response-validation.js b/src/handlers/response-validation.js
index 598d828..cdfa4db 100644
--- a/src/handlers/response-validation.js
+++ b/src/handlers/response-validation.js
@@ -1,7 +1,7 @@
 export default (logger, validateResponse) => (context, request, response) => {
- // Prevent sending headers if they're already sent
+ // Prevent sending response if headers are already sent (e.g., after redirect)
 if (response.headersSent) {
- return response.end()
+ return undefined
 }
 const responseDoesntNeedValidation = response.statusCode >= 400
@@ -35,7 +35,7 @@ export default (logger, validateResponse) => (context, request, response) => {
 message: 'Bad response'
 })
 }
- return response.end()
+ return undefined
 }
 if (!context.response) {
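Review bot: `return response.end()` in the `headersSent` branch of [PATCH 2/3] finishes a response that some other code path started and may still be writing (a stream or redirect in progress), so later writes from that path would fail and the client can receive a truncated body; the same line is added at the end of the invalid-response branch in that patch's second hunk. It also changes the handler's return value from `undefined` to whatever `end()` returns, which the caller may treat as a result (the caller is not visible here). [PATCH 3/3] on this page restores `return undefined` in both places, so this matters mainly if patch 2 is applied on its own; squashing patches 2 and 3 would avoid the intermediate state.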