diff --git a/lib/www/server/api/index.js b/lib/www/server/api/index.js
index 8cdd00a..7281a95 100644
--- a/lib/www/server/api/index.js
+++ b/lib/www/server/api/index.js
@@ -300,10 +300,10 @@ app.map({
 // // 		delete: [ mw.permissions.delete ]
 // 	},
 	'/project/:project/files/:path(*)': {
-		get: [ mw.auth.access.write, mw.files.get ]
+		get: [ mw.files.get ]
 	},
 	'/files/?:path(*)': {
-		get: [ mw.auth.access.write, mw.etag.noSave, mw.files.get ]
+		get: [ mw.etag.noSave, mw.files.get ]
 	},
 	'/navdata/': { // TODO These endpoints should probably need read access auth
 		get: [ mw.etag.noSave, mw.navdata.get ],