diff --git a/docker/nginx/conf.d/client.conf b/docker/nginx/conf.d/client.conf
index 5bb1cc31..c2c701db 100644
--- a/docker/nginx/conf.d/client.conf
+++ b/docker/nginx/conf.d/client.conf
@@ -465,20 +465,29 @@ server {
 	}
 
 	location /__internal/do/not/use {
+		include /etc/nginx/conf.d/include/cors;
+
+		charset utf-8;
+    	charset_types application/json;
+    	default_type application/json;
+
 		content_by_lua_block {
 			local json = require('cjson')
 			-- this block runs only when accounts are enabled
 			if os.getenv("ACCOUNTS_ENABLED", "0") == "0" then
-				return ngx.say(json.encode{authenticated = false})
+				ngx.say(json.encode{authenticated = false})
+				return ngx.exit(ngx.HTTP_OK)
 			end
 
 			local res = ngx.location.capture("/accounts/user", { copy_all_vars = true })
 			if res.status == ngx.HTTP_OK then
 				local limits = json.decode(res.body)
-				return ngx.say(json.encode{authenticated = limits.tier > 0})
+				ngx.say(json.encode{authenticated = limits.tier > 0})
+				return ngx.exit(ngx.HTTP_OK)
 			end
 
 			ngx.say(json.encode{authenticated = false})
+			return ngx.exit(ngx.HTTP_OK)
 		}
 	}