diff --git a/lib/AuthHandler.ts b/lib/AuthHandler.ts
index 55dc4c7..f9ce4b6 100644
--- a/lib/AuthHandler.ts
+++ b/lib/AuthHandler.ts
@@ -86,7 +86,7 @@ class AuthRequest {
     data,
     leave_open
   }: AccessSettings): Promise<AccessResult> {
-    this.default_header (typeof redirect_to !== 'string');
+    this.default_header (typeof redirect_to !== 'string' && !leave_open);
 
     const at = await auth.sign (
       'access_token',
@@ -122,6 +122,8 @@ class AuthRequest {
       result.refresh_token_id = rt.id;
     }
 
+    this._is_successful = true;
+
     if (typeof redirect_to === 'string') {
       this.response.setHeader ('Location', redirect_to);
       this.response.statusCode = 302;
@@ -135,7 +137,6 @@ class AuthRequest {
       this.response.end (JSON.stringify (res));
     }
 
-    this._is_successful = true;
     return result;
   }
 
diff --git a/package.json b/package.json
index 6531354..518bb2b 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@sapphirecode/auth-server-helper",
-  "version": "2.1.2",
+  "version": "2.1.3",
   "main": "dist/index.js",
   "author": {
     "name": "Timo Hocker",
diff --git a/test/spec/AuthHandler.ts b/test/spec/AuthHandler.ts
index 7a8df90..b70c7c2 100644
--- a/test/spec/AuthHandler.ts
+++ b/test/spec/AuthHandler.ts
@@ -5,6 +5,7 @@
  * Created by Timo Hocker <timo@scode.ovh>, January 2021
  */
 
+/* eslint-disable max-lines */
 import http, { IncomingMessage, ServerResponse } from 'http';
 import { to_b64 } from '@sapphirecode/encoding-helper';
 import auth from '../../lib/Authority';
@@ -55,7 +56,8 @@ describe ('auth handler', () => {
   beforeAll (() => {
     clock_setup ();
 
-    const ah = create_auth_handler ((req) => {
+    // eslint-disable-next-line complexity, max-lines-per-function
+    const ah = create_auth_handler (async (req) => {
       if (!req.is_basic && !req.is_bearer) {
         let body_auth = false;
         try {
@@ -94,6 +96,14 @@ describe ('auth handler', () => {
           redirect_to:             '/redirected'
         });
       }
+      else if (req.user === 'leave' && req.password === 'open') {
+        req.response.setHeader ('Content-Type', 'text/plain');
+        await req.allow_access ({
+          access_token_expires_in: expires_seconds,
+          leave_open:              true
+        });
+        req.response.end ('custom response');
+      }
       else {
         req.deny ();
       }
@@ -320,4 +330,21 @@ describe ('auth handler', () => {
         error_description: 'unknown authorization type'
       });
   });
+
+  it ('should not set content-type when leave-open is specified', async () => {
+    const resp1 = await get ({ authorization: 'Basic leave:open' });
+    expect (resp1.statusCode)
+      .toEqual (200);
+    expect (resp1.headers['content-type'])
+      .toEqual ('text/plain');
+    expect (resp1.body)
+      .toEqual ('custom response');
+    let signature = '';
+    for (const c of resp1.headers['set-cookie'] as string[]) {
+      if (c.includes ('cookie_jar='))
+        signature = c.replace ('cookie_jar=', '');
+    }
+    expect (signature).not.toEqual ('');
+    check_token (signature, 'access_token');
+  });
 });