diff --git a/src/routes/_actions/doQuickLoginIfNecessary.js b/src/routes/_actions/doQuickLoginIfNecessary.js
new file mode 100644
index 00000000..8f297151
--- /dev/null
+++ b/src/routes/_actions/doQuickLoginIfNecessary.js
@@ -0,0 +1,35 @@
+// "Secret" API to quickly log in with an access token and instance name.
+// Used in the integration tests. Can't see a problem with exposing this publicly
+// since you would have to know the access token anyway.
+
+import { store } from '../_store/store'
+import { goto } from '../../../__sapper__/client'
+
+export function doQuickLoginIfNecessary () {
+  const params = new URLSearchParams(location.search)
+  const accessToken = params.get('accessToken')
+  const instanceName = params.get('instanceName')
+  if (!accessToken || !instanceName) {
+    return
+  }
+  const {
+    loggedInInstances,
+    loggedInInstancesInOrder
+  } = store.get()
+
+  loggedInInstances[instanceName] = {
+    access_token: accessToken
+  }
+
+  if (!loggedInInstancesInOrder.includes(instanceName)) {
+    loggedInInstancesInOrder.push(instanceName)
+  }
+
+  store.set({
+    currentInstance: instanceName,
+    loggedInInstances,
+    loggedInInstancesInOrder
+  })
+  store.save()
+  goto('/') // re-navigate without the URL params
+}
diff --git a/src/routes/_pages/index.html b/src/routes/_pages/index.html
index ab73c225..88c8fc9e 100644
--- a/src/routes/_pages/index.html
+++ b/src/routes/_pages/index.html
@@ -9,9 +9,11 @@
   import TimelineHomePage from '../_components/TimelineHomePage.html'
   import { observe } from 'svelte-extras'
   import { showShareDialogIfNecessary } from '../_actions/showShareDialogIfNecessary'
+  import { doQuickLoginIfNecessary } from '../_actions/doQuickLoginIfNecessary'
 
   export default {
     async oncreate () {
+      doQuickLoginIfNecessary()
       let observed = false
       this.observe('currentVerifyCredentials', verifyCredentials => {
         if (verifyCredentials && !observed) {
diff --git a/src/routes/settings/quick-login.html b/src/routes/settings/quick-login.html
deleted file mode 100644
index 7e1b0bdd..00000000
--- a/src/routes/settings/quick-login.html
+++ /dev/null
@@ -1,33 +0,0 @@
-<!-- this is only used in the tests, to log in quickly -->
-<script>
-  import { store } from '../_store/store'
-  import { goto } from '../../../__sapper__/client'
-
-  export default {
-    store: () => store,
-    oncreate () {
-      const accessToken = location.search.match(/accessToken=([^&]+)/)[1]
-      const instanceName = location.search.match(/instanceName=([^&]+)/)[1]
-      const {
-        loggedInInstances,
-        loggedInInstancesInOrder
-      } = this.store.get()
-
-      loggedInInstances[instanceName] = {
-        access_token: accessToken
-      }
-
-      if (!loggedInInstancesInOrder.includes(instanceName)) {
-        loggedInInstancesInOrder.push(instanceName)
-      }
-
-      this.store.set({
-        currentInstance: instanceName,
-        loggedInInstances,
-        loggedInInstancesInOrder
-      })
-      this.store.save()
-      goto('/')
-    }
-  }
-</script>
diff --git a/tests/roles.js b/tests/roles.js
index 88fce90e..d769098e 100644
--- a/tests/roles.js
+++ b/tests/roles.js
@@ -3,7 +3,7 @@ import { users } from './users'
 
 // quick login using a secret page and a known access token (makes tests run faster)
 async function login (t, user) {
-  await t.navigateTo(`/settings/quick-login?instanceName=localhost:3000&accessToken=${user.accessToken}`)
+  await t.navigateTo(`/?instanceName=localhost:3000&accessToken=${user.accessToken}`)
     .expect(getUrl()).eql('http://localhost:4002/', { timeout: 30000 })
 }
 
diff --git a/vercel.json b/vercel.json
index f29e1f8b..0f557461 100644
--- a/vercel.json
+++ b/vercel.json
@@ -256,22 +256,6 @@
         "cross-origin-opener-policy": "same-origin"
       }
     },
-    {
-      "src": "^\\/settings\\/quick-login\\/?$",
-      "headers": {
-        "cache-control": "public,max-age=3600",
-        "content-security-policy": "default-src 'self';script-src 'self' 'sha256-fM8bPHTtg62HWLF582AUElbUYoLeNdbgfS5Wim6+X2E=' 'sha256-Rv0XCoOhq4H0QyKE7rEhr+e9GI5gsmGcC04fY0HPORc=' 'sha256-28NJWgGMi7z1BsySG4SYZCjth/ys7dkElS3oIl5ZEqM=' 'sha256-nUHIts9QUqQq4nfffteH1WG3ZeWESwmxZn6bWMNWsiM=' 'sha256-MGLg9fH15qQqEcT+iTfwx/cfVp2MgjSrVt08u3NVKa8=' 'sha256-OQjxgqHHnjfZwkCEsAo2MRjd3GuPmg+RvmjrZd35TN4=' 'sha256-sS3nggZVNGyoYqI7U/PSwnwI4CymIdHNgJwW49qztWo=' 'sha256-aASq1hOJ8PP2cfK9QGXaCLdqgtkDXDb5VFXlSyrpX/M=' 'sha256-1ujkGrbsh0Yx/bquh2I9gkG1ZaZetCkjre6vciK2u7U=';worker-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' * data: blob:;media-src 'self' *;connect-src 'self' * data: blob:;frame-src 'none';frame-ancestors 'none';object-src 'none';manifest-src 'self';form-action 'self';base-uri 'self'",
-        "referrer-policy": "no-referrer",
-        "strict-transport-security": "max-age=15552000; includeSubDomains",
-        "permissions-policy": "sync-xhr=(),document-domain=()",
-        "x-content-type-options": "nosniff",
-        "x-download-options": "noopen",
-        "x-frame-options": "DENY",
-        "x-xss-protection": "1; mode=block",
-        "cross-origin-opener-policy": "same-origin"
-      },
-      "dest": "service-worker-index.html"
-    },
     {
       "src": "^\\/settings\\/instances\\/?$",
       "headers": {