diff --git a/app/controllers/posts_controller.rb b/app/controllers/posts_controller.rb
index 9a9d5a086b9..d431d92dfd9 100644
--- a/app/controllers/posts_controller.rb
+++ b/app/controllers/posts_controller.rb
@@ -4,7 +4,7 @@ require_dependency 'post_destroyer'
 class PostsController < ApplicationController
 
   # Need to be logged in for all actions here
-  before_filter :ensure_logged_in, except: [:show, :replies, :by_number, :short_link]
+  before_filter :ensure_logged_in, except: [:show, :replies, :by_number, :short_link, :versions]
 
   skip_before_filter :store_incoming_links, only: [:short_link]
   skip_before_filter :check_xhr, only: [:markdown,:short_link]
diff --git a/spec/controllers/posts_controller_spec.rb b/spec/controllers/posts_controller_spec.rb
index 0936b7a9879..292b573df95 100644
--- a/spec/controllers/posts_controller_spec.rb
+++ b/spec/controllers/posts_controller_spec.rb
@@ -56,13 +56,7 @@ describe PostsController do
 
   describe 'versions' do
 
-    it 'raises an exception when not logged in' do
-      lambda { xhr :get, :versions, post_id: 123 }.should raise_error(Discourse::NotLoggedIn)
-    end
-
-    describe 'when logged in' do
-      let(:post) { Fabricate(:post, user: log_in) }
-
+    shared_examples 'posts_controller versions examples' do
       it "raises an error if the user doesn't have permission to see the post" do
         Guardian.any_instance.expects(:can_see?).with(post).returns(false)
         xhr :get, :versions, post_id: post.id
@@ -73,7 +67,16 @@ describe PostsController do
         xhr :get, :versions, post_id: post.id
         ::JSON.parse(response.body).should be_present
       end
+    end
 
+    context 'when not logged in' do
+      let(:post) { Fabricate(:post) }
+      include_examples 'posts_controller versions examples'
+    end
+
+    context 'when logged in' do
+      let(:post) { Fabricate(:post, user: log_in) }
+      include_examples 'posts_controller versions examples'
     end
 
   end