diff --git a/activityPub.go b/activityPub.go
index 0f31282..4ca0acb 100644
--- a/activityPub.go
+++ b/activityPub.go
@@ -350,12 +350,15 @@ func apSendSigned(blog *configBlog, activity interface{}, to string) error {
 	}
 	// Do request
 	resp, err := http.DefaultClient.Do(r)
+	if err != nil {
+		return err
+	}
 	if !apRequestIsSuccess(resp.StatusCode) {
 		body, _ := ioutil.ReadAll(resp.Body)
-		resp.Body.Close()
+		_ = resp.Body.Close()
 		return fmt.Errorf("signed request failed with status %d: %s", resp.StatusCode, string(body))
 	}
-	return err
+	return nil
 }
 
 func apNewID(blog *configBlog) (hash string, url string) {
diff --git a/indieAuthServer.go b/indieAuthServer.go
index 0c6f4d9..2232465 100644
--- a/indieAuthServer.go
+++ b/indieAuthServer.go
@@ -153,6 +153,7 @@ func indieAuthToken(w http.ResponseWriter, r *http.Request) {
 		data, err := verifyIndieAuthToken(r.Header.Get("Authorization"))
 		if err != nil {
 			http.Error(w, "Invalid token or token not found", http.StatusUnauthorized)
+			return
 		}
 		res := &tokenResponse{
 			Scope:    strings.Join(data.Scopes, " "),
@@ -166,6 +167,7 @@ func indieAuthToken(w http.ResponseWriter, r *http.Request) {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
+		return
 	} else if r.Method == http.MethodPost {
 		r.ParseForm()
 		// Token Revocation
@@ -217,7 +219,10 @@ func indieAuthToken(w http.ResponseWriter, r *http.Request) {
 				http.Error(w, err.Error(), http.StatusInternalServerError)
 				return
 			}
+			return
 		}
+		http.Error(w, "", http.StatusBadRequest)
+		return
 	}
 }