diff --git a/src/routes/2fa/+server.ts b/src/routes/2fa/+server.ts
index 1e76059..d802251 100644
--- a/src/routes/2fa/+server.ts
+++ b/src/routes/2fa/+server.ts
@@ -5,13 +5,33 @@ import type { RequestEvent } from "./$types";
 
 export function GET(event: RequestEvent): Response {
 	if (event.locals.session === null || event.locals.user === null) {
-		return redirect(302, "/login");
+		return new Response(null, {
+			status: 302,
+			headers: {
+				Location: "/login"
+			}
+		});
 	}
 	if (event.locals.session.twoFactorVerified) {
-		return redirect(302, "/");
+		return new Response(null, {
+			status: 302,
+			headers: {
+				Location: "/"
+			}
+		});
 	}
 	if (!event.locals.user.registered2FA) {
-		return redirect(302, "/2fa/setup");
+		return new Response(null, {
+			status: 302,
+			headers: {
+				Location: "/2fa/setup"
+			}
+		});
 	}
-	return redirect(302, get2FARedirect(event.locals.user));
+	return new Response(null, {
+		status: 302,
+		headers: {
+			Location: get2FARedirect(event.locals.user)
+		}
+	});
 }
diff --git a/src/routes/reset-password/2fa/+server.ts b/src/routes/reset-password/2fa/+server.ts
index ea4ea2b..ccc6433 100644
--- a/src/routes/reset-password/2fa/+server.ts
+++ b/src/routes/reset-password/2fa/+server.ts
@@ -7,10 +7,25 @@ import type { RequestEvent } from "./$types";
 export async function GET(event: RequestEvent) {
 	const { session, user } = validatePasswordResetSessionRequest(event);
 	if (session === null) {
-		return redirect(302, "/login");
+		return new Response(null, {
+			status: 302,
+			headers: {
+				Location: "/login"
+			}
+		});
 	}
 	if (!user.registered2FA || session.twoFactorVerified) {
-		return redirect(302, "/reset-password");
+		return new Response(null, {
+			status: 302,
+			headers: {
+				Location: "/reset-password"
+			}
+		});
 	}
-	return redirect(302, getPasswordReset2FARedirect(user));
+	return new Response(null, {
+		status: 302,
+		headers: {
+			Location: getPasswordReset2FARedirect(user)
+		}
+	});
 }