diff --git a/.secrets.baseline b/.secrets.baseline
index 26e8796a..4c29a6d9 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -194,7 +194,7 @@
         "hashed_secret": "e4f14805dfd1e6af030359090c535e149e6b4207",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 543,
+        "line_number": 638,
         "type": "Hex High Entropy String"
       }
     ]
diff --git a/tests/test_access.py b/tests/test_access.py
index e864ff4f..283823d2 100644
--- a/tests/test_access.py
+++ b/tests/test_access.py
@@ -74,6 +74,11 @@ def test_all_protected_routes_have_access_control(
     )
     monkeypatch.setattr("atst.app.assign_resources", lambda *a: None)
 
+    # monkeypatch the error handler
+    monkeypatch.setattr(
+        "atst.routes.errors.handle_error", lambda *a, **k: ("error", 500)
+    )
+
     # patch the internal function the access decorator uses so that
     # we can check that it was called
     mocker.patch("atst.domain.authz.decorator.check_access")