diff --git a/web/src/endpoints/user/post_changepassword.rs b/web/src/endpoints/user/post_changepassword.rs
index 0665d082..ad0fdeac 100644
--- a/web/src/endpoints/user/post_changepassword.rs
+++ b/web/src/endpoints/user/post_changepassword.rs
@@ -20,7 +20,7 @@ async fn post(
     form: web::Form<ChangePasswordForm>,
     pool: web::Data<PgPool>,
 ) -> Result<impl Responder, ApplicationError> {
-    let is_dry = header.into_inner().is_some_and_equal("password-strength");
+    let is_dry = header.is_some_and_equal("password-strength");
 
     let mut builder = PasswordChangeBuilder::<NoneToken>::new(
         pool.get_ref(),
diff --git a/web/src/endpoints/user/post_register.rs b/web/src/endpoints/user/post_register.rs
index f1cff3e8..0cd31c41 100644
--- a/web/src/endpoints/user/post_register.rs
+++ b/web/src/endpoints/user/post_register.rs
@@ -3,7 +3,7 @@ use maud::html;
 use serde::Deserialize;
 use sqlx::PgPool;
 
-use crate::utils::{password_change::PasswordChangeBuilder, ApplicationError};
+use crate::utils::{password_change::PasswordChangeBuilder, ApplicationError, HtmxTargetHeader};
 use brass_db::models::Registration;
 
 #[derive(Deserialize)]
@@ -11,22 +11,19 @@ struct RegisterForm {
     token: String,
     password: String,
     passwordretyped: String,
-    dry: Option<bool>,
 }
 
 #[post("/register")]
 async fn post(
     form: web::Form<RegisterForm>,
     pool: web::Data<PgPool>,
+    header: web::Header<HtmxTargetHeader>,
 ) -> Result<impl Responder, ApplicationError> {
-    // TODO: refactor into check if HX-TARGET = #password-strength exists
-    let is_dry = form.dry.unwrap_or(false);
-    let token =
-        if let Some(token) = Registration::does_token_exist(pool.get_ref(), &form.token).await? {
-            token
-        } else {
-            return Ok(HttpResponse::NoContent().finish());
-        };
+    let is_dry = header.is_some_and_equal("password-strength");
+
+    let Some(token) = Registration::does_token_exist(pool.get_ref(), &form.token).await? else {
+        return Ok(HttpResponse::NoContent().finish());
+    };
 
     let mut builder = PasswordChangeBuilder::<Registration>::new(
         pool.get_ref(),
@@ -39,9 +36,15 @@ async fn post(
     let change = builder.build();
 
     let response = if is_dry {
-        change.validate_for_input().await.unwrap() // TODO
+        match change.validate_for_input().await {
+            Ok(r) => r,
+            Err(e) => HttpResponse::UnprocessableEntity().body(e.message),
+        }
     } else {
-        change.validate().await.unwrap(); // TODO
+        if let Err(e) = change.validate().await {
+            return Ok(HttpResponse::UnprocessableEntity().body(e.message));
+        }
+
         change.commit().await?;
         HttpResponse::Ok().body(
             html! {
diff --git a/web/templates/user/change_password.html b/web/templates/user/change_password.html
index 9ea55619..e195be39 100644
--- a/web/templates/user/change_password.html
+++ b/web/templates/user/change_password.html
@@ -11,9 +11,9 @@
       <div class="field">
         <label class="label" for="password">{{ new_password_label }}</label>
         <div class="control">
-          <input class="input" hx-trigger="keyup changed delay:500ms" hx-target="#password-strength"
-                 hx-target-422="#password-strength" placeholder="**********" name="password"
-                 type="password" required hx-swap="outerHTML" maxlength=256
+          <input class="input" hx-post="{{ endpoint }}" hx-trigger="keyup changed delay:500ms"
+                 hx-target="#password-strength" hx-target-422="#password-strength" placeholder="**********"
+                 name="password" type="password" required hx-swap="outerHTML" maxlength=256
                  _="on input put '' into #password-strength">
         </div>
         <div id="password-strength" class="mb-3 help content"></div>