diff --git a/quotesdb/src/bin/ui/pages/admin.rs b/quotesdb/src/bin/ui/pages/admin.rs
index f4cfff1..60211e5 100644
--- a/quotesdb/src/bin/ui/pages/admin.rs
+++ b/quotesdb/src/bin/ui/pages/admin.rs
@@ -37,10 +37,18 @@ pub fn admin_page() -> Html {
     // Fetch submission lock state on mount.
     {
         let submissions_locked = submissions_locked.clone();
+        let lock_error = lock_error.clone();
         use_effect_with((), move |_| {
             spawn_local(async move {
-                if let Ok(status) = api::get_status().await {
-                    submissions_locked.set(Some(status.submissions_locked));
+                match api::get_status().await {
+                    Ok(status) => {
+                        submissions_locked.set(Some(status.submissions_locked));
+                    }
+                    Err(_) => {
+                        // Fail-open: treat as unlocked so the UI doesn't hang on "Loading status...".
+                        submissions_locked.set(Some(false));
+                        lock_error.set(Some("Could not fetch status.".to_string()));
+                    }
                 }
             });
         });
@@ -74,7 +82,8 @@ pub fn admin_page() -> Html {
                 } else {
                     Some(passphrase.as_str())
                 };
-                match api::admin_reset_auth_code(&code, new_code_opt, &code).await {
+                // The server only validates X-Admin-Code; the `current` parameter is not used server-side.
+                match api::admin_reset_auth_code("", new_code_opt, &code).await {
                     Ok(new_code) => {
                         reset_result.set(Some(new_code));
                         reset_error.set(None);