diff --git a/lib/two_factor_authentication/controllers/helpers.rb b/lib/two_factor_authentication/controllers/helpers.rb
index 64e8377c..2a99e648 100644
--- a/lib/two_factor_authentication/controllers/helpers.rb
+++ b/lib/two_factor_authentication/controllers/helpers.rb
@@ -27,6 +27,8 @@ def handle_failed_second_factor(scope)
           elsif request.format.json?
             session["#{scope}_return_to"] = root_path(format: :html)
             render json: { redirect_to: two_factor_authentication_path_for(scope) }, status: :unauthorized
+          else
+            head :unauthorized
           end
         else
           head :unauthorized