This is now possible on Next.js 10+ without having to do any sort of response header manipulation directly. Use getServerSideProps or getStaticProps and return a redirect key as the only value from it if your conditions are met:
export async function getServerSideProps(context) {
if(context.req.body.username == "user" && context.req.body.password == "123"){
return {
redirect: {
permanent: false,
destination: "/"
}
}
}
}