diff --git a/server.py b/server.py
index 3e7f86c..bdb9faa 100644
--- a/server.py
+++ b/server.py
@@ -3261,28 +3261,48 @@ async def update_storage(storage_id: int, req: UpdateStorageRequest, user: User
 
 
 @app.delete("/storage/{storage_id}")
-async def remove_storage(storage_id: int, user: User = Depends(get_required_user)):
+async def remove_storage(storage_id: int, request: Request, user: User = Depends(get_optional_user)):
     """Remove a storage provider."""
+    # Support both Bearer token and cookie auth
+    username = user.username if user else get_user_from_cookie(request)
+    if not username:
+        raise HTTPException(401, "Not authenticated")
+
     storage = await db.get_storage_by_id(storage_id)
     if not storage:
         raise HTTPException(404, "Storage provider not found")
-    if storage["username"] != user.username:
+    if storage["username"] != username:
         raise HTTPException(403, "Not authorized")
 
     success = await db.remove_user_storage(storage_id)
     if not success:
         raise HTTPException(500, "Failed to remove storage provider")
 
+    # Return empty string for HTMX to remove the element
+    if wants_html(request):
+        return HTMLResponse("")
+
     return {"message": "Storage provider removed"}
 
 
 @app.post("/storage/{storage_id}/test")
-async def test_storage(storage_id: int, request: Request, user: User = Depends(get_required_user)):
+async def test_storage(storage_id: int, request: Request, user: User = Depends(get_optional_user)):
     """Test storage provider connectivity."""
+    # Support both Bearer token and cookie auth
+    username = user.username if user else get_user_from_cookie(request)
+    if not username:
+        if wants_html(request):
+            return HTMLResponse('<span class="text-red-400">Not authenticated</span>', status_code=401)
+        raise HTTPException(401, "Not authenticated")
+
     storage = await db.get_storage_by_id(storage_id)
     if not storage:
+        if wants_html(request):
+            return HTMLResponse('<span class="text-red-400">Storage not found</span>', status_code=404)
         raise HTTPException(404, "Storage provider not found")
-    if storage["username"] != user.username:
+    if storage["username"] != username:
+        if wants_html(request):
+            return HTMLResponse('<span class="text-red-400">Not authorized</span>', status_code=403)
         raise HTTPException(403, "Not authorized")
 
     config = storage["config"] if isinstance(storage["config"], dict) else json.loads(storage["config"])