diff --git a/bin/browserid b/bin/browserid
index a337f3db0415b3c3f11fc397f83dd9a349ffcae6..55aa2a8ba8f060b0ff83e42de02921e7469242fd 100755
--- a/bin/browserid
+++ b/bin/browserid
@@ -137,7 +137,7 @@ app.use(function(req, resp, next) {
   resp.json = function(obj) {
     if (!obj || typeof obj !== 'object') {
       logger.error("INTERNAL ERROR!  *all* json responses must be objects");
-      throw "internal error";
+      return httputils.serverError(resp, "broken internal API implementation");
     }
     realRespJSON.call(resp, obj);
   };
diff --git a/lib/wsapi.js b/lib/wsapi.js
index 7eb2ac33c2fc54c02155d715451bdd725c3776ee..38838543e92687b11b54b989bc4ab28c2bdae8c5 100644
--- a/lib/wsapi.js
+++ b/lib/wsapi.js
@@ -245,7 +245,6 @@ exports.setup = function(options, app) {
         wsapis[operation].validate = function(req,res,next) { next(); };
       }
 
-
     } catch(e) {
       var msg = "error registering " + operation + " api: " + e;
       logger.error(msg);
diff --git a/lib/wsapi/email_addition_status.js b/lib/wsapi/email_addition_status.js
index dc7ef61bb4b0a701ab5952768c002efe2aa6ae0c..87d387cdb2f1ea810d8a7a2f671388a256c5588a 100644
--- a/lib/wsapi/email_addition_status.js
+++ b/lib/wsapi/email_addition_status.js
@@ -25,7 +25,7 @@ exports.process = function(req, res) {
         delete req.session.pendingAddition;
         res.json({ status: 'complete' });
       } else if (!req.session.pendingAddition) {
-        res.json('failed');
+        res.json({ status: 'failed' });
       } else {
         db.emailForVerificationSecret(req.session.pendingAddition, function (email) {
           if (email) {