diff --git a/tests/GuiBaseTest.py b/tests/GuiBaseTest.py
index 65178f46..659ea052 100644
--- a/tests/GuiBaseTest.py
+++ b/tests/GuiBaseTest.py
@@ -4,6 +4,7 @@ import requests
 import shutil
 import socket
 import socks
+import base64
 
 from PyQt5 import QtCore, QtTest
 
@@ -126,20 +127,20 @@ class GuiBaseTest(object):
         if type(mode) == ReceiveMode:
             # Upload a file
             files = {'file[]': open('/tmp/test.txt', 'rb')}
-            if not public_mode:
-                path = 'http://127.0.0.1:{}/{}/upload'.format(self.gui.app.port, mode.web.password)
+            url = 'http://127.0.0.1:{}/upload'.format(self.gui.app.port)
+            if public_mode:
+                response = requests.post(url, files=files)
             else:
-                path = 'http://127.0.0.1:{}/upload'.format(self.gui.app.port)
-            response = requests.post(path, files=files)
+                response = requests.post(url, files=files, auth=requests.auth.HTTPBasicAuth('onionshare', mode.web.password))
             QtTest.QTest.qWait(2000)
 
         if type(mode) == ShareMode:
             # Download files
+            url = "http://127.0.0.1:{}/download".format(self.gui.app.port)
             if public_mode:
-                url = "http://127.0.0.1:{}/download".format(self.gui.app.port)
+                r = requests.get(url)
             else:
-                url = "http://127.0.0.1:{}/{}/download".format(self.gui.app.port, mode.web.password)
-            r = requests.get(url)
+                r = requests.get(url, auth=requests.auth.HTTPBasicAuth('onionshare', mode.web.password))
             QtTest.QTest.qWait(2000)
 
         # Indicator should be visible, have a value of "1"
@@ -212,7 +213,7 @@ class GuiBaseTest(object):
         if public_mode:
             self.assertEqual(clipboard.text(), 'http://127.0.0.1:{}'.format(self.gui.app.port))
         else:
-            self.assertEqual(clipboard.text(), 'http://127.0.0.1:{}/{}'.format(self.gui.app.port, mode.server_status.web.password))
+            self.assertEqual(clipboard.text(), 'http://onionshare:{}@127.0.0.1:{}'.format(mode.server_status.web.password, self.gui.app.port))
 
 
     def server_status_indicator_says_started(self, mode):
@@ -234,8 +235,11 @@ class GuiBaseTest(object):
         else:
             path = '/'
 
-        http_request = 'GET {} HTTP/1.0\r\n'.format(path)
+        http_request = 'GET / HTTP/1.0\r\n'
         http_request += 'Host: 127.0.0.1\r\n'
+        if not public_mode:
+            auth = base64.b64encode(b'onionshare:'+password.encode()).decode()
+            http_request += 'Authorization: Basic {}'.format(auth)
         http_request += '\r\n'
         s.sendall(http_request.encode('utf-8'))
 
diff --git a/tests/GuiReceiveTest.py b/tests/GuiReceiveTest.py
index 6ecf608c..0d413c4f 100644
--- a/tests/GuiReceiveTest.py
+++ b/tests/GuiReceiveTest.py
@@ -8,14 +8,14 @@ class GuiReceiveTest(GuiBaseTest):
     def upload_file(self, public_mode, file_to_upload, expected_basename, identical_files_at_once=False):
         '''Test that we can upload the file'''
         files = {'file[]': open(file_to_upload, 'rb')}
+        url = 'http://127.0.0.1:{}/upload'.format(self.gui.app.port)
         if not public_mode:
-            path = 'http://127.0.0.1:{}/{}/upload'.format(self.gui.app.port, self.gui.receive_mode.web.password)
+            r = requests.post(url, files=files)
         else:
-            path = 'http://127.0.0.1:{}/upload'.format(self.gui.app.port)
-        response = requests.post(path, files=files)
+            r = requests.post(url, files=files, auth=requests.auth.HTTPBasicAuth('onionshare', mode.web.password))
         if identical_files_at_once:
             # Send a duplicate upload to test for collisions
-            response = requests.post(path, files=files)
+            r = requests.post(path, files=files)
         QtTest.QTest.qWait(2000)
 
         # Make sure the file is within the last 10 seconds worth of filenames
@@ -39,11 +39,11 @@ class GuiReceiveTest(GuiBaseTest):
     def upload_file_should_fail(self, public_mode):
         '''Test that we can't upload the file when permissions are wrong, and expected content is shown'''
         files = {'file[]': open('/tmp/test.txt', 'rb')}
+        url = 'http://127.0.0.1:{}/upload'.format(self.gui.app.port)
         if not public_mode:
-            path = 'http://127.0.0.1:{}/{}/upload'.format(self.gui.app.port, self.gui.receive_mode.web.password)
+            r = requests.post(url, files=files)
         else:
-            path = 'http://127.0.0.1:{}/upload'.format(self.gui.app.port)
-        response = requests.post(path, files=files)
+            r = requests.post(url, files=files, auth=requests.auth.HTTPBasicAuth('onionshare', mode.web.password))
 
         QtCore.QTimer.singleShot(1000, self.accept_dialog)
         self.assertTrue('Error uploading, please inform the OnionShare user' in response.text)
@@ -53,17 +53,14 @@ class GuiReceiveTest(GuiBaseTest):
         os.chmod('/tmp/OnionShare', mode)
 
     def try_public_paths_in_non_public_mode(self):
-        response = requests.post('http://127.0.0.1:{}/upload'.format(self.gui.app.port))
+        r = requests.post('http://127.0.0.1:{}/upload'.format(self.gui.app.port))
         self.assertEqual(response.status_code, 404)
-        response = requests.get('http://127.0.0.1:{}/close'.format(self.gui.app.port))
+        r = requests.get('http://127.0.0.1:{}/close'.format(self.gui.app.port))
         self.assertEqual(response.status_code, 404)
 
     def uploading_zero_files_shouldnt_change_ui(self, mode, public_mode):
         '''If you submit the receive mode form without selecting any files, the UI shouldn't get updated'''
-        if not public_mode:
-            path = 'http://127.0.0.1:{}/{}/upload'.format(self.gui.app.port, self.gui.receive_mode.web.password)
-        else:
-            path = 'http://127.0.0.1:{}/upload'.format(self.gui.app.port)
+        url = 'http://127.0.0.1:{}/upload'.format(self.gui.app.port)
 
         # What were the counts before submitting the form?
         before_in_progress_count = mode.history.in_progress_count
@@ -71,9 +68,15 @@ class GuiReceiveTest(GuiBaseTest):
         before_number_of_history_items = len(mode.history.item_list.items)
 
         # Click submit without including any files a few times
-        response = requests.post(path, files={})
-        response = requests.post(path, files={})
-        response = requests.post(path, files={})
+        if not public_mode:
+            r = requests.post(url, files={})
+            r = requests.post(url, files={})
+            r = requests.post(url, files={})
+        else:
+            auth = requests.auth.HTTPBasicAuth('onionshare', mode.web.password)
+            r = requests.post(url, files={}, auth=auth)
+            r = requests.post(url, files={}, auth=auth)
+            r = requests.post(url, files={}, auth=auth)
 
         # The counts shouldn't change
         self.assertEqual(mode.history.in_progress_count, before_in_progress_count)
diff --git a/tests/GuiShareTest.py b/tests/GuiShareTest.py
index 02ae0eea..9b0bb70b 100644
--- a/tests/GuiShareTest.py
+++ b/tests/GuiShareTest.py
@@ -92,13 +92,13 @@ class GuiShareTest(GuiBaseTest):
         QtTest.QTest.qWait(2000)
         self.assertEqual('onionshare', zip.read('test.txt').decode('utf-8'))
 
-    def hit_404(self, public_mode):
-        '''Test that the server stops after too many 404s, or doesn't when in public_mode'''
-        bogus_path = '/gimme'
-        url = "http://127.0.0.1:{}/{}".format(self.gui.app.port, bogus_path)
+    def hit_401(self, public_mode):
+        '''Test that the server stops after too many 401s, or doesn't when in public_mode'''
+        url = "http://127.0.0.1:{}/".format(self.gui.app.port)
 
         for _ in range(20):
-            r = requests.get(url)
+            password_guess = self.gui.common.build_password()
+            r = requests.get(url, auth=requests.auth.HTTPBasicAuth('onionshare', password))
 
         # A nasty hack to avoid the Alert dialog that blocks the rest of the test
         if not public_mode:
diff --git a/tests/local_onionshare_404_public_mode_skips_ratelimit_test.py b/tests/local_onionshare_401_public_mode_skips_ratelimit_test.py
similarity index 87%
rename from tests/local_onionshare_404_public_mode_skips_ratelimit_test.py
rename to tests/local_onionshare_401_public_mode_skips_ratelimit_test.py
index 4fad5532..f06ea37b 100644
--- a/tests/local_onionshare_404_public_mode_skips_ratelimit_test.py
+++ b/tests/local_onionshare_401_public_mode_skips_ratelimit_test.py
@@ -4,7 +4,7 @@ import unittest
 
 from .GuiShareTest import GuiShareTest
 
-class Local404PublicModeRateLimitTest(unittest.TestCase, GuiShareTest):
+class Local401PublicModeRateLimitTest(unittest.TestCase, GuiShareTest):
     @classmethod
     def setUpClass(cls):
         test_settings = {
@@ -22,7 +22,7 @@ class Local404PublicModeRateLimitTest(unittest.TestCase, GuiShareTest):
     def test_gui(self):
         self.run_all_common_setup_tests()
         self.run_all_share_mode_tests(True, True)
-        self.hit_404(True)
+        self.hit_401(True)
 
 if __name__ == "__main__":
     unittest.main()
diff --git a/tests/local_onionshare_404_triggers_ratelimit_test.py b/tests/local_onionshare_401_triggers_ratelimit_test.py
similarity index 87%
rename from tests/local_onionshare_404_triggers_ratelimit_test.py
rename to tests/local_onionshare_401_triggers_ratelimit_test.py
index 49be0f5b..4100657b 100644
--- a/tests/local_onionshare_404_triggers_ratelimit_test.py
+++ b/tests/local_onionshare_401_triggers_ratelimit_test.py
@@ -4,7 +4,7 @@ import unittest
 
 from .GuiShareTest import GuiShareTest
 
-class Local404RateLimitTest(unittest.TestCase, GuiShareTest):
+class Local401RateLimitTest(unittest.TestCase, GuiShareTest):
     @classmethod
     def setUpClass(cls):
         test_settings = {
@@ -21,7 +21,7 @@ class Local404RateLimitTest(unittest.TestCase, GuiShareTest):
     def test_gui(self):
         self.run_all_common_setup_tests()
         self.run_all_share_mode_tests(False, True)
-        self.hit_404(False)
+        self.hit_401(False)
 
 if __name__ == "__main__":
     unittest.main()