diff --git a/endpoints/web.py b/endpoints/web.py
index 561c3efd4..5767d7e72 100644
--- a/endpoints/web.py
+++ b/endpoints/web.py
@@ -343,14 +343,20 @@ def sitemap():
 
 @web.route('/buildlogs/', methods=['GET'])
 @route_show_if(features.BUILD_SUPPORT)
-@require_session_login
+@process_auth_or_cookie
 def buildlogs(build_uuid):
   found_build = model.build.get_repository_build(build_uuid)
   if not found_build:
     abort(403)
 
   repo = found_build.repository
-  if not ModifyRepositoryPermission(repo.namespace_user.username, repo.name).can():
+  has_permission = ModifyRepositoryPermission(repo.namespace_user.username, repo.name).can()
+  if features.READER_BUILD_LOGS and not has_permission:
+    if (ReadRepositoryPermission(repo.namespace_user.username, repo.name).can() or
+        model.repository.repository_is_public(repo.namespace_user.username, repo.name)):
+      has_permission = True
+
+  if not has_permission:
     abort(403)
 
   # If the logs have been archived, just return a URL of the completed archive
@@ -368,7 +374,7 @@ def buildlogs(build_uuid):
 
 @web.route('/logarchive/', methods=['GET'])
 @route_show_if(features.BUILD_SUPPORT)
-@require_session_login
+@process_auth_or_cookie
 def logarchive(file_id):
   JSON_MIMETYPE = 'application/json'
   try:
@@ -378,7 +384,13 @@ def logarchive(file_id):
     abort(403)
 
   repo = found_build.repository
-  if not ModifyRepositoryPermission(repo.namespace_user.username, repo.name).can():
+  has_permission = ModifyRepositoryPermission(repo.namespace_user.username, repo.name).can()
+  if features.READER_BUILD_LOGS and not has_permission:
+    if (ReadRepositoryPermission(repo.namespace_user.username, repo.name).can() or
+        model.repository.repository_is_public(repo.namespace_user.username, repo.name)):
+      has_permission = True
+
+  if not has_permission:
     abort(403)
 
   try:
diff --git a/test/test_endpoints.py b/test/test_endpoints.py
index f23de0dfa..d55a48e7f 100644
--- a/test/test_endpoints.py
+++ b/test/test_endpoints.py
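Review bot: The new has_permission block in buildlogs is repeated verbatim in the logarchive hunk at @@ -378, so the two endpoints' access decisions can drift the next time one is touched; extract the check into one helper and call it from both places. A single helper also makes the security-relevant part reviewable in one spot: with the decorator swapped from require_session_login to process_auth_or_cookie (hunks @@ -343 and @@ -368), anonymous callers now reach this check, and when READER_BUILD_LOGS is on, a public repository grants build-log access with no credential at all, which deserves a comment because build output is not necessarily limited to what the repository itself exposes. I cannot see the import block of endpoints/web.py, so confirm ReadRepositoryPermission is imported there alongside ModifyRepositoryPermission. Both buildlogs and logarchive continue outside their hunks.
```python
def _can_view_build_logs(repo):
  """Return True if the current caller may read build logs for `repo`.

  Write permission always suffices. When READER_BUILD_LOGS is enabled, read
  permission or a public repository is enough as well; note that anonymous
  callers reach this via process_auth_or_cookie, so the public-repository
  branch grants access without any credential.
  """
  namespace, name = repo.namespace_user.username, repo.name
  if ModifyRepositoryPermission(namespace, name).can():
    return True
  if not features.READER_BUILD_LOGS:
    return False
  return (ReadRepositoryPermission(namespace, name).can() or
          model.repository.repository_is_public(namespace, name))


# … in buildlogs and logarchive, replacing the has_permission block …
  if not _can_view_build_logs(repo):
    abort(403)
```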
@@ -145,7 +145,7 @@ class BuildLogsTestCase(EndpointTestCase):
     self.getResponse('web.buildlogs', build_uuid='bad_build_uuid', expected_code=400)
 
   def test_buildlogs_not_logged_in(self):
-    self.getResponse('web.buildlogs', build_uuid=self.build_uuid, expected_code=401)
+    self.getResponse('web.buildlogs', build_uuid=self.build_uuid, expected_code=403)
 
   def test_buildlogs_unauthorized(self):
     self.login('reader', 'password')
@@ -171,7 +171,7 @@ class ArchivedLogsTestCase(EndpointTestCase):
     self.getResponse('web.logarchive', file_id='bad_build_uuid', expected_code=403)
 
   def test_logarchive_not_logged_in(self):
-    self.getResponse('web.logarchive', file_id=self.build_uuid, expected_code=401)
+    self.getResponse('web.logarchive', file_id=self.build_uuid, expected_code=403)
 
   def test_logarchive_unauthorized(self):
     self.login('reader', 'password')
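Review bot: The only assertion change in both hunks is 401 → 403 for the anonymous caller; nothing exercises the new READER_BUILD_LOGS branch that the endpoint change introduces (a 'reader' login on a private repository, or an anonymous request against a public repository, each with the flag on and off). test_buildlogs_unauthorized and test_logarchive_unauthorized log in as 'reader' but their expected code lies outside the hunk, so I cannot tell whether they run with the flag disabled; if the suite enables it, they would need to expect success instead of 403. Add one flag-on case per endpoint, e.g. log in as 'reader' and call `self.getResponse('web.buildlogs', build_uuid=self.build_uuid, expected_code=200)`, plus the anonymous public-repository case, so the widened access is pinned by a test rather than left incidental. Both test classes continue outside the hunks.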