diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 5f5537ae3b8..75b2566f513 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -157,7 +157,8 @@ class ApplicationController < ActionController::Base
 opts ||= {}
 show_json_errors = (request.format && request.format.json?) ||
 (request.xhr?) ||
- ((params[:external_id] || '').ends_with? '.json')
+ ((params[:external_id] || '').ends_with? '.json') ||
+ !(current_user rescue nil)
 
 if show_json_errors
 # HACK: do not use render_json_error for topics#show
diff --git a/spec/controllers/topics_controller_spec.rb b/spec/controllers/topics_controller_spec.rb
index a29cd6955e0..868603f845b 100644
--- a/spec/controllers/topics_controller_spec.rb
+++ b/spec/controllers/topics_controller_spec.rb
@@ -1064,6 +1064,14 @@ describe TopicsController do
 }, format: :json
 
 expect(response.code.to_i).to be(403)
+ expect(response.body).to eq(I18n.t("invalid_access"))
+
+ get :show, params: {
+ topic_id: topic.id, slug: topic.slug, api_key: "bad"
+ }, format: :html
+
+ expect(response.code.to_i).to be(403)
+ expect(response.body).to eq(I18n.t("invalid_access"))
 end
 end
 end
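Review bot: The added `!(current_user rescue nil)` term is true in two different situations that the condition treats as one: when `current_user` raises, and when it simply returns nil. If `current_user` is nil for anonymous visitors (its definition is outside this diff), every logged-out browser request that reaches this handler would take the JSON/plain error path instead of the HTML error page. The inline `rescue` modifier also swallows any StandardError from the user lookup, so an unrelated failure in authentication code is silently treated as "not logged in". Consider rescuing only the exception the bad-key path raises, presumably `Discourse::InvalidAccess` going by the `invalid_access` message asserted in the spec, and keying the fallback on that alone. The enclosing method starts and ends outside the hunk.

```ruby
# True only when resolving the user itself failed (e.g. a rejected api_key),
# not when the visitor is merely anonymous.
auth_lookup_failed =
  begin
    current_user
    false
  rescue Discourse::InvalidAccess
    true
  end

show_json_errors = (request.format && request.format.json?) ||
                   # … unchanged: xhr and external_id checks …
                   auth_lookup_failed
```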
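Review bot: The new HTML request only covers a rejected `api_key`, so nothing here pins what an HTML request with no credentials at all receives. The controller change in this commit keys on `current_user` being falsy, so an anonymous visitor may be affected as well, and a regression there would pass this spec unnoticed. I would add a third request without `api_key` against a topic the anonymous visitor cannot see, and assert the status and that the response is still the HTML error page. It would also help to assert the content type on the `format: :html` case, since a plain-text body equal to `I18n.t("invalid_access")` is the intended contract for an HTML request. The example and its `describe` block start outside the hunk.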