diff --git a/src/gateway/http-utils.authorize-request.test.ts b/src/gateway/http-utils.authorize-request.test.ts
index 0c78645a041..8fa3a52a5b9 100644
--- a/src/gateway/http-utils.authorize-request.test.ts
+++ b/src/gateway/http-utils.authorize-request.test.ts
@@ -108,16 +108,16 @@ describe("authorizeGatewayHttpRequestOrReply", () => {
       trustedProxies: ["127.0.0.1"],
     });
 
-    expect(vi.mocked(authorizeHttpGatewayConnect)).toHaveBeenCalledWith(
-      expect.objectContaining({
-        browserOriginPolicy: {
-          requestHost: "gateway.example.com",
-          origin: "https://evil.example",
-          allowedOrigins: ["https://control.example.com"],
-          allowHostHeaderOriginFallback: false,
-        },
-      }),
-    );
+    const [authParams] = vi.mocked(authorizeHttpGatewayConnect).mock.calls.at(-1) ?? [];
+    if (authParams === undefined) {
+      throw new Error("Expected HTTP gateway auth to be called");
+    }
+    expect(authParams.browserOriginPolicy).toEqual({
+      requestHost: "gateway.example.com",
+      origin: "https://evil.example",
+      allowedOrigins: ["https://control.example.com"],
+      allowHostHeaderOriginFallback: false,
+    });
   });
 
   it("replies with auth failure and returns null when auth fails", async () => {
diff --git a/src/gateway/security-path.test.ts b/src/gateway/security-path.test.ts
index 366fd2237e2..638ce905beb 100644
--- a/src/gateway/security-path.test.ts
+++ b/src/gateway/security-path.test.ts
@@ -17,16 +17,14 @@ function buildRepeatedEncodedSlashPath(depth: number): string {
 
 describe("security-path canonicalization", () => {
   it("canonicalizes decoded case/slash variants", () => {
-    expect(canonicalizePathForSecurity("/API/channels//nostr/default/profile/")).toEqual(
-      expect.objectContaining({
-        canonicalPath: "/api/channels/nostr/default/profile",
-        candidates: ["/api/channels/nostr/default/profile"],
-        malformedEncoding: false,
-        decodePasses: 0,
-        decodePassLimitReached: false,
-        rawNormalizedPath: "/api/channels/nostr/default/profile",
-      }),
-    );
+    expect(canonicalizePathForSecurity("/API/channels//nostr/default/profile/")).toEqual({
+      canonicalPath: "/api/channels/nostr/default/profile",
+      candidates: ["/api/channels/nostr/default/profile"],
+      malformedEncoding: false,
+      decodePasses: 0,
+      decodePassLimitReached: false,
+      rawNormalizedPath: "/api/channels/nostr/default/profile",
+    });
     const encoded = canonicalizePathForSecurity("/api/%63hannels%2Fnostr%2Fdefault%2Fprofile");
     expect(encoded.canonicalPath).toBe("/api/channels/nostr/default/profile");
     expect(encoded.candidates).toContain("/api/%63hannels%2fnostr%2fdefault%2fprofile");