diff --git a/src/c3nav/control/views/access.py b/src/c3nav/control/views/access.py
index 216cf6f1..b7cb42ad 100644
--- a/src/c3nav/control/views/access.py
+++ b/src/c3nav/control/views/access.py
@@ -67,6 +67,6 @@ def grant_access_qr(request, token):  # todo: make class based view
     url = reverse('site.access.redeem', kwargs={'token': str(token.token)})
     return render(request, 'control/access_qr.html', {
         'url': url,
-        'url_qr': reverse('site.qr', kwargs={'path': url}),
+        'url_qr': reverse('site.qr', kwargs={'path': url.removeprefix('/')}),
         'url_absolute': request.build_absolute_uri(url),
     })
diff --git a/src/c3nav/site/views.py b/src/c3nav/site/views.py
index 62fb7685..47059551 100644
--- a/src/c3nav/site/views.py
+++ b/src/c3nav/site/views.py
@@ -175,7 +175,7 @@ def qr_code_etag(request, path):
 @etag(qr_code_etag)
 @cache_control(max_age=3600)
 def qr_code(request, path):
-    data = (request.build_absolute_uri('/'+path) +
+    data = (request.build_absolute_uri('/'+path.removeprefix('/')) +
             ('?'+request.META['QUERY_STRING'] if request.META['QUERY_STRING'] else ''))
     if len(data) > 256:
         return HttpResponseBadRequest()