diff --git a/resources/auth.html b/resources/auth.html
index 916acf6ee..6470859f7 100644
--- a/resources/auth.html
+++ b/resources/auth.html
@@ -2,14 +2,14 @@
     <head>
         <title>Login - Chatterino</title>
     </head>
-    <body onload="xd()">
+    <body>
         <noscript>
             <p>noscript stuffs here</p>
         </noscript>
 
         <p id="status">Loading...</p>
         <script>
-            function xd() {
+            (function() {
                 // Address of local Chatterino's http server
                 const address = "localhost";
                 const port = 52107;
@@ -19,19 +19,12 @@
                 history.replaceState(null, null, " ");
 
                 // Find token in the hash
-                let token = "";
-                const fragmentElements = fragment.split("&");
-                for (element of fragmentElements) {
-                    const parts = element.split("=");
-                    if (parts[0] === "access_token" && parts[1].length !== 0) {
-                        token = parts[1];
-                    }
-                }
+                const token = new URLSearchParams(fragment).get("access_token");
 
                 let status = document.getElementById("status");
 
                 // Return if no token was found
-                if (token.length === 0) {
+                if (!token) {
                     status.innerHTML = "Bad request";
                     return;
                 }
@@ -40,7 +33,7 @@
                 status.innerHTML = "Sending your credentials to Chatterino...";
 
                 fetch(`http://${address}:${port}/token`, {
-                    method: "POST",
+                    method: "PUT",
                     headers: {
                         "X-Access-Token": token
                     }
@@ -57,7 +50,7 @@
                     console.log(err);
                     status.innerHTML = "Something went wrong, check console for details";
                 });
-            }
+            })();
         </script>
     </body>
 </html>
diff --git a/src/widgets/dialogs/LoginDialog.cpp b/src/widgets/dialogs/LoginDialog.cpp
index 45d1c9e41..b912e7bd9 100644
--- a/src/widgets/dialogs/LoginDialog.cpp
+++ b/src/widgets/dialogs/LoginDialog.cpp
@@ -99,7 +99,7 @@ BasicLoginWidget::BasicLoginWidget()
 
             resp.write(redirectHTML.readAll(),
                        {{"Access-Control-Allow-Origin", "*"},
-                        {"Access-Control-Allow-Methods", "GET, POST"},
+                        {"Access-Control-Allow-Methods", "GET, PUT"},
                         {"Access-Control-Allow-Headers", "X-Access-Token"}},
                        QHttpServerResponder::StatusCode::Ok);
         });
@@ -108,12 +108,12 @@ BasicLoginWidget::BasicLoginWidget()
         [](const QHttpServerRequest &req, QHttpServerResponder &&resp) {
             qDebug() << "options called!";
             resp.write({{"Access-Control-Allow-Origin", "*"},
-                        {"Access-Control-Allow-Methods", "GET, POST"},
+                        {"Access-Control-Allow-Methods", "GET, PUT"},
                         {"Access-Control-Allow-Headers", "X-Access-Token"}},
                        QHttpServerResponder::StatusCode::Ok);
         });
     this->httpServer_->route(
-        "/token", QHttpServerRequest::Method::POST,
+        "/token", QHttpServerRequest::Method::PUT,
         [](const QHttpServerRequest &req, QHttpServerResponder &&resp) {
             if (!req.headers().contains("X-Access-Token"))
             {
@@ -122,10 +122,10 @@ BasicLoginWidget::BasicLoginWidget()
             }
 
             // Handle token
-            auto token = req.headers()["X-Access-Token"];
+            const auto token = req.headers().value("X-Access-Token").toString();
             qDebug() << token;
             resp.write({{"Access-Control-Allow-Origin", "*"},
-                        {"Access-Control-Allow-Methods", "GET, POST"},
+                        {"Access-Control-Allow-Methods", "GET, PUT"},
                         {"Access-Control-Allow-Headers", "X-Access-Token"}},
                        QHttpServerResponder::StatusCode::Ok);
         });
