diff --git a/api-server/server/component-passport.js b/api-server/server/component-passport.js
index e0512d0c50..0ed09652cb 100644
--- a/api-server/server/component-passport.js
+++ b/api-server/server/component-passport.js
@@ -86,9 +86,12 @@ export const devSaveResponseAuthCookies = () => {
 export const devLoginRedirect = () => {
   return (req, res) => {
     // this mirrors the production approach, but without any validation
-    let { returnTo, origin, pathPrefix } = getRedirectParams(req);
+    let { returnTo, origin, pathPrefix } = getRedirectParams(
+      req,
+      params => params
+    );
     returnTo += isRootPath(getRedirectBase(origin, pathPrefix), returnTo)
-      ? '/learn'
+      ? 'learn'
       : '';
     return res.redirect(returnTo);
   };
diff --git a/api-server/server/utils/redirection.js b/api-server/server/utils/redirection.js
index 031f61a5d9..7125c72acd 100644
--- a/api-server/server/utils/redirection.js
+++ b/api-server/server/utils/redirection.js
@@ -23,7 +23,6 @@ function getReturnTo(encryptedParams, secret, _homeLocation = homeLocation) {
   return normalizeParams(params, _homeLocation);
 }
 
-// TODO: tests!
 function normalizeParams(
   { returnTo, origin, pathPrefix },
   _homeLocation = homeLocation
@@ -59,9 +58,6 @@ function getRedirectBase(origin, pathPrefix) {
   return `${origin}${redirectPathSegment}`;
 }
 
-// TODO: this might be cleaner if we just use a URL for returnTo (call it
-// returnURL for clarity) rather than pulling out origin and returning it
-// separately
 function getRedirectParams(req, _normalizeParams = normalizeParams) {
   const url = req.header('Referer');
   // since we do not always redirect the user back to the page they were on