diff --git a/backend/auth.py b/backend/auth.py
index 012e6ac..0d25b83 100644
--- a/backend/auth.py
+++ b/backend/auth.py
@@ -76,11 +76,12 @@ def require_auth(x_auth_token: Optional[str] = Header(default=None)):
     return session
 
 
-def require_auth_flexible(x_auth_token: Optional[str] = Header(default=None), token: Optional[str] = Query(default=None)):
+def require_auth_flexible(x_auth_token: Optional[str] = Header(default=None), auth_token: Optional[str] = Query(default=None, alias="token")):
     """
     FastAPI dependency - auth via header OR query parameter.
 
     Used for endpoints accessed by <img> tags that can't send headers.
+    Query parameter is 'token' (via alias) to avoid conflicts with endpoint parameters.
 
     Usage:
         @app.get("/api/photos/{id}")
@@ -90,9 +91,7 @@ def require_auth_flexible(x_auth_token: Optional[str] = Header(default=None), to
     Raises:
         HTTPException 401 if not authenticated
     """
-    print(f"[DEBUG] require_auth_flexible: x_auth_token={x_auth_token!r}, token={token!r}")
-    session = get_session(x_auth_token or token)
-    print(f"[DEBUG] get_session returned: {session!r}")
+    session = get_session(x_auth_token or auth_token)
     if not session:
         raise HTTPException(401, "Nicht eingeloggt")
     return session