diff --git a/packages/webapp/webapp_server.js b/packages/webapp/webapp_server.js
index 6bed9c38f0..57efccc80c 100644
--- a/packages/webapp/webapp_server.js
+++ b/packages/webapp/webapp_server.js
@@ -661,7 +661,7 @@ WebAppInternals.bindToProxy = function (proxyConfig) {
         throw err;
       outstanding--;
       checkComplete();
-    }
+    };
   };
 
   // for now, have our (temporary) requiresAuth flag apply to all
@@ -701,7 +701,7 @@ WebAppInternals.bindToProxy = function (proxyConfig) {
         parsedUrl.pathname = "";
       if (! parsedUrl.pathname.indexOf("/") !== 0) {
         // Relative path
-        parsedUrl.pathname = bindPathPrefix + "/" + parsedUrl.pathname;
+        parsedUrl.pathname = bindPathPrefix + parsedUrl.pathname;
       }
     }
 
@@ -721,8 +721,8 @@ WebAppInternals.bindToProxy = function (proxyConfig) {
       proxyToPort = ourPort;
       proxyToPathPrefix = parsedUrl.pathname;
     } else {
-      var parsedFwdUrl = url.parse(route.forwardTo);
-      if (! parsedUrl.hostname || parsedUrl.protocol)
+      var parsedFwdUrl = url.parse(route.forwardTo, false, true);
+      if (! parsedFwdUrl.hostname || parsedFwdUrl.protocol)
         throw new Error("Bad forward url");
       proxyToHost = parsedFwdUrl.hostname;
       proxyToPort = parseInt(parsedFwdUrl.port || "80");
diff --git a/tools/auth.js b/tools/auth.js
index 45e03a39e4..f1aebed691 100644
--- a/tools/auth.js
+++ b/tools/auth.js
@@ -355,11 +355,11 @@ var logInToGalaxy = function (galaxyName) {
 
   if (response.statusCode !== 200 ||
       ! body ||
-      ! _.has(response.setCookie, 'GALAXY_AUTH'))
+      ! _.has(galaxyResult.setCookie, 'GALAXY_AUTH'))
     return { error: 'access-denied' };
 
   return {
-    token: response.setCookie.GALAXY_AUTH,
+    token: galaxyResult.setCookie.GALAXY_AUTH,
     tokenId: body.tokenId
   };
 };