What happens is that in same script (line 907) we want to calculateHateos for restricted case without passing (I consider explict decision) the response. What happens is that script will try to redirect to login form using non existing response parameter. So fix is redirect ONLY if we do pass response. This allows a Web Site to work with Anonymous accessible content.
@romain and / or @rporchetto please feel free to contact me so I show my use case with a real example.