diff --git a/lib/App/Netdisco/Web.pm b/lib/App/Netdisco/Web.pm
index 7496d8dc..e7c0cdcb 100644
--- a/lib/App/Netdisco/Web.pm
+++ b/lib/App/Netdisco/Web.pm
@@ -188,16 +188,20 @@ hook 'before_template' => sub {
     $Template::Stash::PRIVATE = undef;
 };
 
-# remove empty lines from CSV response
-# this makes writing templates much more straightforward!
+# workaround for Swagger plugin weird response body
 hook 'after' => sub {
     my $r = shift; # a Dancer::Response
 
-    # workaround for Swagger plugin weird response body
     if (request->path eq '/swagger.json') {
         $r->content( to_json( $r->content ) );
         header('Content-Type' => 'application/json');
     }
+};
+
+# remove empty lines from CSV response
+# this makes writing templates much more straightforward!
+hook 'after' => sub {
+    my $r = shift; # a Dancer::Response
 
     if ($r->content_type and $r->content_type eq 'text/comma-separated-values') {
         my @newlines = ();
diff --git a/lib/App/Netdisco/Web/AuthN.pm b/lib/App/Netdisco/Web/AuthN.pm
index d8bd6613..94f4858a 100644
--- a/lib/App/Netdisco/Web/AuthN.pm
+++ b/lib/App/Netdisco/Web/AuthN.pm
@@ -59,8 +59,9 @@ hook 'before' => sub {
 };
 
 get qr{^/(?:login(?:/denied)?)?} => sub {
+    # FIXME not sure this is the right approach
     if (param('return_url') and param('return_url') =~ m{^/api/}) {
-      status 403;
+      status('unauthorized')
       return to_json {
         error => 'not authorized',
         return_url => param('return_url'),