diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 5dea17b5..eddf510d 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -35,7 +35,7 @@ class ApplicationController < ActionController::Base
 def handle_unauthorized
 if authenticated?
- head :forbidden # TODO: make this better
+ redirect_to root_path, notice: "You don't have permission to see that page."
 else
 redirect_to new_user_session_path, notice: 'Try signing in to do that.'
 end
diff --git a/spec/controllers/maps_controller_spec.rb b/spec/controllers/maps_controller_spec.rb
index 0f053dd9..800ab4dc 100644
--- a/spec/controllers/maps_controller_spec.rb
+++ b/spec/controllers/maps_controller_spec.rb
@@ -79,8 +79,8 @@ RSpec.describe MapsController, type: :controller do
 id: unowned_map.to_param
 }
 end.to change(Map, :count).by(0)
- expect(response.body).to eq ''
- expect(response.status).to eq 403
+ expect(response.headers['Location']).to eq(request.base_url + root_path)
+ expect(response.status).to eq 302
 end
 it 'deletes owned map' do
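Review bot: In the `if authenticated?` branch of `handle_unauthorized`, the new `redirect_to root_path` answers every denied request with a 302 regardless of format or verb, so an authorization failure no longer surfaces as a 403 to JSON/XHR clients or in access logs, where 403 counts are a common signal for spotting access-control probing. The spec in this commit reaches this branch with a DELETE, and some clients replay the original method on Rails' default 302, which is why 303 (`status: :see_other`) is the usual choice for non-GET redirects. Consider redirecting only HTML requests with a 303 and keeping `head :forbidden` for other formats, as sketched below; whether this app serves non-HTML endpoints is not visible here. The method's closing `end` lies outside the hunk.

```ruby
    if authenticated?
      respond_to do |format|
        # Browsers get a friendly redirect; 303 makes the follow-up a GET even after DELETE/PATCH.
        format.html { redirect_to root_path, status: :see_other, notice: "You don't have permission to see that page." }
        # Non-HTML clients keep an explicit denial they can act on and that stays visible in logs.
        format.any { head :forbidden }
      end
    # … unchanged: else branch redirecting to the sign-in page …
```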
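Review bot: The two new expectations rebuild the Location header by hand (`request.base_url + root_path`) and pin the literal 302, where rspec-rails' `expect(response).to redirect_to(root_path)` states the same intent in one line and gives a clearer failure message. The security-relevant assertion is the surrounding `change(Map, :count).by(0)`, which still proves the unowned map is not deleted. Adding an expectation on `flash[:notice]` would also cover the user-facing part of the denial. The example begins outside the hunk.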