diff --git a/README.md b/README.md
index 0feb910..b3c5b78 100644
--- a/README.md
+++ b/README.md
@@ -4,9 +4,11 @@ the application comprises a video CDN and a client that fetches a record and dis
 the appview does not ingest from any event stream, but rather fetches videos on-demand.
 
 there is an allowlist of trusted users whose videos can be proxied,
-since re-serving arbitrary user content can be a big liability.
+since rehosting arbitrary user content can be a big liability.
 
 ## to-do list
 
+- loading indicator when we're fetching from PDS / CDN
+- better validation / rpc via lexicon.ts
 - video cdn garbage collection (so that disk usage doesn't grow unbounded)
 - etc
diff --git a/appview/main.ts b/appview/main.ts
index 1e505d5..ba61bab 100644
--- a/appview/main.ts
+++ b/appview/main.ts
@@ -49,8 +49,12 @@ async function fetchVideo(req: Request): Promise<Response> {
 
   if (!db.inAllowlist(body.repo)) {
     return new Response(
-      JSON.stringify({ error: "repo is not allowlisted on AppView" }),
+      JSON.stringify({
+        error: "Denied",
+        message: "repo is not allowlisted on AppView",
+      }),
       {
+        status: 400,
         headers: {
           "content-type": "application/json",
           "access-control-allow-origin": "*",
diff --git a/lexicon/fetchVideo.json b/lexicon/fetchVideo.json
index cf0c26a..46425bc 100644
--- a/lexicon/fetchVideo.json
+++ b/lexicon/fetchVideo.json
@@ -32,7 +32,8 @@
             }
           }
         }
-      }
+      },
+      "errors": [{ "name": "Denied" }]
     }
   }
 }