您需要return响应.不要忘记request和response对象是不可变的.

You need to return the response. Don't forget that the request and response objects are immutable.

return $response = $response->withRedirect(...);

我有一个类似的身份验证中间件，这就是我做的方法，它还添加了403(未授权)标头.

I have a similar auth middleware and this is how I do it which also adds a 403 (unauthorized) header.

$uri = $request->getUri()->withPath($this->router->pathFor('home'));
return $response = $response->withRedirect($uri, 403);