diff --git a/auth.go b/auth.go
index 463dddb..3dc5ba6 100644
--- a/auth.go
+++ b/auth.go
@@ -115,7 +115,7 @@ func badAuthorizationHandler(w http.ResponseWriter, r *http.Request) {
 		if Config.siteName != "" {
 			rs = fmt.Sprintf(` realm="%s"`, Config.siteName)
 		}
-		w.Header().Set("WWW-Authenticate", `Basic` + rs)
+		w.Header().Set("WWW-Authenticate", `Basic`+rs)
 	}
 	http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
 }
diff --git a/server.go b/server.go
index 907b719..661c2ea 100644
--- a/server.go
+++ b/server.go
@@ -196,20 +196,18 @@ func setup() *web.Mux {
 			AuthFile:      Config.authFile,
 			UnauthMethods: []string{},
 		}
-		okFunc := func (w http.ResponseWriter, r *http.Request) {
+		okFunc := func(w http.ResponseWriter, r *http.Request) {
 			w.Header().Set("Location", Config.sitePath)
 			w.WriteHeader(http.StatusFound)
 		}
-		authHandler := auth {
+		authHandler := auth{
 			successHandler: http.HandlerFunc(okFunc),
 			failureHandler: http.HandlerFunc(badAuthorizationHandler),
 			authKeys:       readAuthKeys(Config.authFile),
 			o:              options,
 		}
 		mux.Head(Config.sitePath+"auth", authHandler)
-		mux.Head(Config.sitePath+"auth/", authHandler)
 		mux.Get(Config.sitePath+"auth", authHandler)
-		mux.Get(Config.sitePath+"auth/", authHandler)
 	}
 
 	mux.Post(Config.sitePath+"upload", uploadPostHandler)
diff --git a/static/js/upload.js b/static/js/upload.js
index db2010c..7ad8da6 100644
--- a/static/js/upload.js
+++ b/static/js/upload.js
@@ -20,7 +20,7 @@ Dropzone.options.dropzone = {
                     dropzone.cancelUpload(file)
                 }
             };
-            xhr.open("HEAD", "auth/", true);
+            xhr.open("HEAD", "/auth", true);
             xhr.send()
         }
         var upload = document.createElement("div");