diff --git a/src/server/middleware/setup_redirect.py b/src/server/middleware/setup_redirect.py
index b24173e..7958b42 100644
--- a/src/server/middleware/setup_redirect.py
+++ b/src/server/middleware/setup_redirect.py
@@ -37,6 +37,7 @@ class SetupRedirectMiddleware(BaseHTTPMiddleware):
         "/login",  # Login page (needs to be accessible after setup)
         "/queue",  # Queue page (for initial load)
         "/api/auth/",  # All auth endpoints (setup, login, logout, register)
+        "/api/setup/",  # Setup API (unresolved folders, etc.)
         "/ws/connect",  # WebSocket connection (needed for loading page)
         "/api/queue/",  # Queue API endpoints
         "/api/downloads/",  # Download API endpoints
diff --git a/src/server/web/templates/unresolved.html b/src/server/web/templates/unresolved.html
index dfd7280..719fbb4 100644
--- a/src/server/web/templates/unresolved.html
+++ b/src/server/web/templates/unresolved.html
@@ -443,15 +443,13 @@
 
         // API client helpers
         async function fetchUnresolved() {
+            // Note: /api/setup/unresolved does not require auth
+            // It's accessible during the initial setup flow
             const token = localStorage.getItem('auth_token');
-            if (!token) {
-                window.location.href = '/login';
-                return null;
-            }
-            const res = await fetch('/api/setup/unresolved', {
-                headers: { 'Authorization': `Bearer ${token}` }
-            });
+            const headers = token ? { 'Authorization': `Bearer ${token}` } : {};
+            const res = await fetch('/api/setup/unresolved', { headers });
             if (res.status === 401) {
+                // Redirect to login only if we had a token but it expired
                 localStorage.removeItem('auth_token');
                 window.location.href = '/login';
                 return null;