diff --git a/server.js b/server.js
index 3d7e99b..7907445 100644
--- a/server.js
+++ b/server.js
@@ -77,7 +77,7 @@ function authMiddleware(req, res, next) {
   if (!AUTH_ENABLED) return next();
 
   // Skip auth for login, auth-status, and members endpoints
-  if (req.path === '/api/login' || req.path === '/api/auth-status' || req.path === '/api/members') return next();
+  if (req.path === '/api/login' || req.path === '/api/auth-status' || req.path === '/api/members' || req.path === '/api/config') return next();
 
   const token = req.headers['x-auth-token'];
   if (token && sessions.has(token)) {