diff --git a/app/controllers/activity_streams/photos_controller.rb b/app/controllers/activity_streams/photos_controller.rb
index 64019dac7..e4fdf8327 100644
--- a/app/controllers/activity_streams/photos_controller.rb
+++ b/app/controllers/activity_streams/photos_controller.rb
@@ -24,7 +24,7 @@ class ActivityStreams::PhotosController < ApplicationController
     end
   end
 
-  around_filter AuthenticationFilter.new
+  around_filter AuthenticationFilter.new, :only => :create
   skip_before_filter :verify_authenticity_token, :only => :create
 
   respond_to :json
diff --git a/spec/controllers/activity_streams/photos_controller_spec.rb b/spec/controllers/activity_streams/photos_controller_spec.rb
new file mode 100644
index 000000000..d088c5b9c
--- /dev/null
+++ b/spec/controllers/activity_streams/photos_controller_spec.rb
@@ -0,0 +1,15 @@
+require 'spec_helper'
+
+describe ActivityStreams::PhotosController do
+  describe '#show' do
+    before do
+      @photo = Factory(:activity_streams_photo, :author => bob.person)
+      sign_in :user, alice
+    end
+    it 'succeeds' do
+      get :show, :id => @photo.id
+      response.should be_success
+    end
+  end
+end
+