From a5f9587f227e9de1acdf01e79fc3ce894bee5352 Mon Sep 17 00:00:00 2001
From: Stan Wohlwend <n2d4xc@gmail.com>
Date: Fri, 19 Apr 2024 19:14:50 +0200
Subject: [PATCH] current-user should be `null` if project ID is wrong

---
 packages/stack-server/src/app/api/v1/current-user/route.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/stack-server/src/app/api/v1/current-user/route.tsx b/packages/stack-server/src/app/api/v1/current-user/route.tsx
index 50c7c3b78..deb62631e 100644
--- a/packages/stack-server/src/app/api/v1/current-user/route.tsx
+++ b/packages/stack-server/src/app/api/v1/current-user/route.tsx
@@ -73,7 +73,7 @@ const handler = deprecatedSmartRouteHandler(async (req: NextRequest) => {
   const { userId, projectId: accessTokenProjectId } = decodedAccessToken;
 
   if (accessTokenProjectId !== projectId) {
-    throw new StatusError(StatusError.Forbidden);
+    return NextResponse.json(null);
   }
 
   let user;