diff --git a/app/fileReceiver.js b/app/fileReceiver.js
index 71a2cebb..4fc742ac 100644
--- a/app/fileReceiver.js
+++ b/app/fileReceiver.js
@@ -127,7 +127,9 @@ export default class FileReceiver extends Nanobus {
           if (xhr.status === 200) {
             return resolve(xhr.response);
           }
-          reject(new Error(xhr.status));
+          const err = new Error(xhr.status);
+          err.nonce = nonce;
+          reject(err);
         }
       };
       xhr.onerror = () => reject(new Error(0));
@@ -146,9 +148,11 @@ export default class FileReceiver extends Nanobus {
       try {
         data = await this.fetchMetadata(nonce);
       } catch (e) {
-        if (e.message === '401') {
+        if (e.message === '401' && nonce !== e.nonce) {
           // allow one retry for changed nonce
           data = await this.fetchMetadata(e.nonce);
+        } else {
+          throw e;
         }
       }
       const metaKey = await this.metaKeyPromise;
@@ -235,8 +239,10 @@ export default class FileReceiver extends Nanobus {
       try {
         ciphertext = await this.downloadFile(nonce);
       } catch (e) {
-        if (e.message === '401') {
+        if (e.message === '401' && nonce !== e.nonce) {
           ciphertext = await this.downloadFile(e.nonce);
+        } else {
+          throw e;
         }
       }
       this.msg = 'decryptingFile';
diff --git a/app/fileSender.js b/app/fileSender.js
index 1212429e..c4fc2e70 100644
--- a/app/fileSender.js
+++ b/app/fileSender.js
@@ -1,6 +1,17 @@
 import Nanobus from 'nanobus';
 import { arrayToB64, b64ToArray, bytes } from './utils';
 
+async function getAuthHeader(authKey, nonce) {
+  const sig = await window.crypto.subtle.sign(
+    {
+      name: 'HMAC'
+    },
+    authKey,
+    b64ToArray(nonce)
+  );
+  return `send-v1 ${arrayToB64(new Uint8Array(sig))}`;
+}
+
 export default class FileSender extends Nanobus {
   constructor(file) {
     super('FileSender');
@@ -224,17 +235,6 @@ export default class FileSender extends Nanobus {
     return this.uploadFile(encrypted, metadata, new Uint8Array(rawAuth));
   }
 
-  async getAuthHeader(authKey, nonce) {
-    const sig = await window.crypto.subtle.sign(
-      {
-        name: 'HMAC'
-      },
-      authKey,
-      b64ToArray(nonce)
-    );
-    return `send-v1 ${arrayToB64(new Uint8Array(sig))}`;
-  }
-
   static async setPassword(password, file) {
     const encoder = new TextEncoder();
     const secretKey = await window.crypto.subtle.importKey(
@@ -259,7 +259,7 @@ export default class FileSender extends Nanobus {
       true,
       ['sign']
     );
-    const authHeader = await this.getAuthHeader(authKey, file.nonce);
+    const authHeader = await getAuthHeader(authKey, file.nonce);
     const pwdKey = await window.crypto.subtle.importKey(
       'raw',
       encoder.encode(password),