diff --git a/lib/history/index.js b/lib/history/index.js
index 19a2646a..ae2d27a0 100644
--- a/lib/history/index.js
+++ b/lib/history/index.js
@@ -123,7 +123,7 @@ function historyGet (req, res) {
 })
 })
 } else {
- return response.errorForbidden(res)
+ return response.errorForbidden(req, res)
 }
 }
@@ -164,7 +164,7 @@ function historyPost (req, res) {
 })
 }
 } else {
- return response.errorForbidden(res)
+ return response.errorForbidden(req, res)
 }
 }
@@ -188,7 +188,7 @@ function historyDelete (req, res) {
 })
 }
 } else {
- return response.errorForbidden(res)
+ return response.errorForbidden(req, res)
 }
 }
diff --git a/lib/imageRouter/index.js b/lib/imageRouter/index.js
index c4ab548f..9b0c4028 100644
--- a/lib/imageRouter/index.js
+++ b/lib/imageRouter/index.js
@@ -21,7 +21,7 @@ imageRouter.post('/uploadimage', function (req, res) {
 form.parse(req, function (err, fields, files) {
 if (err || !files.image || !files.image.path) {
- response.errorForbidden(res)
+ response.errorForbidden(req, res)
 } else {
 if (config.debug) {
 logger.info('SERVER received uploadimage: ' + JSON.stringify(files.image))
diff --git a/lib/note/index.js b/lib/note/index.js
index d90371fe..017d2238 100644
--- a/lib/note/index.js
+++ b/lib/note/index.js
@@ -66,7 +66,7 @@ async function showNote (req, res) {
 }
 if (!newCheckViewPermission(note, req.isAuthenticated(), userId)) {
- return errorForbidden(res)
+ return errorForbidden(req, res)
 }
 // force to use note id
@@ -99,7 +99,7 @@ async function showPublishNote (req, res) {
 }
 if (!canViewNote(note, req.isAuthenticated(), req.user ? req.user.id : null)) {
- return errorForbidden(req)
+ return errorForbidden(req, res)
 }
 if ((note.alias && shortid !== note.alias) || (!note.alias && shortid !== note.shortid)) {
@@ -150,7 +150,7 @@ async function noteActions (req, res) {
 }
 if (!canViewNote(note, req.isAuthenticated(), req.user ? req.user.id : null)) {
- return errorForbidden(req)
+ return errorForbidden(req, res)
 }
 const action = req.params.action
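Review bot: In lib/imageRouter/index.js (hunk at -21,7) the `err` from `form.parse` is dropped on the rejection branch: a parse failure, a missing `image` field and a missing `path` all end in `response.errorForbidden(req, res)` with nothing logged. That makes malformed or aborted uploads indistinguishable from real access denials when someone reads the logs or alerts on 403 rates. I would record the cause before responding, e.g. `if (err) logger.error('uploadimage parse failed: ' + err.message)`, and, if the project has a bad-request helper, use it here instead of the forbidden path. The handler's body continues outside the hunk.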
@@ -171,7 +171,7 @@ async function noteActions (req, res) {
 actionPDF(req, res, note)
 } else {
 logger.error('PDF export failed: Disabled by config. Set "allowPDFExport: true" to enable. Check the documentation for details')
- errorForbidden(res)
+ errorForbidden(req, res)
 }
 break
 case 'gist':
diff --git a/lib/response.js b/lib/response.js
index 4779afb8..42127696 100644
--- a/lib/response.js
+++ b/lib/response.js
@@ -28,8 +28,7 @@ exports.checkViewPermission = checkViewPermission
 exports.newCheckViewPermission = newCheckViewPermission
 exports.responseCodiMD = responseCodiMD
-function errorForbidden (res) {
- const { req } = res
+function errorForbidden (req, res) {
 if (req.user) {
 responseError(res, '403', 'Forbidden', 'oh no.')
 } else {
@@ -100,7 +99,7 @@ function newNote (req, res, next) {
 if (req.isAuthenticated()) {
 owner = req.user.id
 } else if (!config.allowAnonymous) {
- return errorForbidden(res)
+ return errorForbidden(req, res)
 }
 models.Note.create({
 ownerId: owner,
@@ -161,7 +160,7 @@ function findNote (req, res, callback, include) {
 }
 }
 if (!checkViewPermission(req, note)) {
- return errorForbidden(res)
+ return errorForbidden(req, res)
 } else {
 return callback(note)
 }
@@ -239,7 +238,7 @@ function githubActionGist (req, res, note) {
 var code = req.query.code
 var state = req.query.state
 if (!code || !state) {
- return errorForbidden(res)
+ return errorForbidden(req, res)
 } else {
 var data = {
 client_id: config.github.clientID,
@@ -279,14 +278,14 @@ function githubActionGist (req, res, note) {
 res.setHeader('referer', '')
 res.redirect(body.html_url)
 } else {
- return errorForbidden(res)
+ return errorForbidden(req, res)
 }
 })
 } else {
- return errorForbidden(res)
+ return errorForbidden(req, res)
 }
 } else {
- return errorForbidden(res)
+ return errorForbidden(req, res)
 }
 })
 }
@@ -334,7 +333,7 @@ function gitlabActionProjects (req, res, note) {
 return errorInternalError(res)
 })
 } else {
- return errorForbidden(res)
+ return errorForbidden(req, res)
 }
 }
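Review bot: In lib/response.js (hunk at -28,8) `errorForbidden (req, res)` now relies purely on positional order with no documentation or check, and the removed lines in lib/note/index.js (`errorForbidden(req)` at -99,7 and -150,7) show that wrong-argument calls to this helper already went unnoticed. A caller this commit missed would fail inside the deny path rather than send the 403, and in the `async` handlers that would likely surface as an unhandled rejection instead of a response. The same file still calls `errorInternalError(res)` (context of the -334,7 hunk), so two calling conventions now coexist. I would add a JSDoc block naming both parameters (`@param {object} req - Express request`, `@param {object} res - Express response`) and a first-line guard such as `if (!res || typeof res.status !== 'function') throw new TypeError('errorForbidden(req, res): res is missing')`. The function body continues outside the hunk.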
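Review bot: In lib/response.js `githubActionGist` (hunk at -239,7) the OAuth callback only checks that `code` and `state` are present (`if (!code || !state)`) before building the token request. Nothing in the visible lines compares `state` with a value bound to the current session, so if that comparison does not happen elsewhere the callback has no CSRF protection. Worth confirming; if it is absent, store a random state in the session when the flow starts and reject on mismatch here before `data` is built. The function starts and continues outside the hunk.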
diff --git a/lib/user/index.js b/lib/user/index.js
index 36c1cd62..4412713e 100644
--- a/lib/user/index.js
+++ b/lib/user/index.js
@@ -37,7 +37,7 @@ exports.getMe = async (req, res) => {
 exports.deleteUser = async (req, res) => {
 if (!req.isAuthenticated()) {
- return response.errorForbidden(res)
+ return response.errorForbidden(req, res)
 }
 const user = await models.User.findOne({
@@ -51,7 +51,7 @@ exports.deleteUser = async (req, res) => {
 }
 if (user.deleteToken !== req.params.token) {
- return response.errorForbidden(res)
+ return response.errorForbidden(req, res)
 }
 await user.destroy()
@@ -60,7 +60,7 @@ exports.deleteUser = async (req, res) => {
 exports.exportMyData = (req, res) => {
 if (!req.isAuthenticated()) {
- return response.errorForbidden(res)
+ return response.errorForbidden(req, res)
 }
 const archive = archiver('zip', {
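Review bot: In lib/user/index.js `deleteUser` (hunk at -51,7) the account-deletion token is compared with `!==` (`user.deleteToken !== req.params.token`), which is not a constant-time comparison, and the token arrives in the URL path where access logs and intermediaries will record it. The earlier `req.isAuthenticated()` check limits the exposure, but since this gate guards `user.destroy()` I would harden it: `const a = Buffer.from(String(user.deleteToken)); const b = Buffer.from(String(req.params.token));` followed by `if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) return response.errorForbidden(req, res)`. That needs `crypto` required at the top of the file, which is outside the visible lines. The function starts and ends outside the hunk.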