    Do not re-parse PATH_INFO when validating authenticity token · 08e4a71d
    Aaron Patterson committed
    PATH_INFO will never contain query parameters (that is the contract with
    the webserver), so there is no reason to call URI.parse on it.  In
    addition, clients can send garbage paths that raise an exception when
    being parsed rather than just failing the auth token check.
request_forgery_protection.rb 18.4 KB
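The failure mode the commit message describes, as an added illustration that is not Rails' code and not part of this commit: a per-form token check that runs `URI.parse` over the request path raises `URI::InvalidURIError` on a path that is not a valid URI, while a check that normalizes `PATH_INFO` directly just reports a non-matching token. The token scheme (`per_form_token`, an HMAC over the action path and HTTP method), the secret, and the sample paths are all constructed for the example and are not the project's token format.

```ruby
require "uri"
require "openssl"

# Constructed sample secret for the example; a real app derives its key from
# the application secret, never from a literal like this.
SAMPLE_SECRET = "constructed-sample-secret-not-for-production".freeze

# Hypothetical per-form CSRF token: HMAC over the normalized action path and
# the HTTP method. Illustrates the idea only; it is not Rails' token format.
def per_form_token(secret, action_path, http_method)
  OpenSSL::HMAC.hexdigest("SHA256", secret, "#{action_path}##{http_method}")
end

# Constant-time comparison so the check does not leak how many leading
# bytes of the submitted token matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# BEFORE: re-parses PATH_INFO with URI.parse to extract the path. A client
# can send a path that is not a valid URI, and URI.parse then raises
# URI::InvalidURIError instead of letting the check return false.
def valid_token_with_reparse?(secret, token, path_info, http_method)
  action_path = URI.parse(path_info).path.chomp("/")
  secure_compare(token, per_form_token(secret, action_path, http_method))
end

# AFTER: PATH_INFO never carries a query string (that is the web server's
# contract), so there is nothing to parse out; normalize and compare
# directly. A garbage path simply yields a non-matching token.
def valid_token_direct?(secret, token, path_info, http_method)
  action_path = path_info.chomp("/")
  secure_compare(token, per_form_token(secret, action_path, http_method))
end

# Runs one validator and reports :valid, :invalid, or :exception so the two
# behaviours can be compared side by side.
def outcome(validator, secret, token, path_info, http_method)
  method(validator).call(secret, token, path_info, http_method) ? :valid : :invalid
rescue URI::InvalidURIError
  :exception
end

# Constructed requests: the legitimate action, the same action with a
# trailing slash, a different action, and two paths that are not valid URIs.
def demo
  token = per_form_token(SAMPLE_SECRET, "/posts/1", "POST")
  paths = {
    legit:          "/posts/1",
    trailing_slash: "/posts/1/",
    other_action:   "/posts/2",
    space_in_path:  "/posts/1 ",
    newline:        "/posts/1\nfoo",
  }
  paths.transform_values do |path|
    {
      reparse: outcome(:valid_token_with_reparse?, SAMPLE_SECRET, token, path, "POST"),
      direct:  outcome(:valid_token_direct?, SAMPLE_SECRET, token, path, "POST"),
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  demo.each do |name, r|
    puts format("%-15s reparse=%-10s direct=%s", name, r[:reparse], r[:direct])
  end
end
```

Both validators accept the legitimate request and reject the one for another action; the difference shows up only on the malformed paths, where the re-parsing version escapes with an exception (a 500 rather than the 422 the protection is meant to produce) and the direct version returns false.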