diff --git a/apps/media-viewer/src/Mediaviewer.vue b/apps/media-viewer/src/Mediaviewer.vue
index a7940d97a40..15972e0fa5b 100644
--- a/apps/media-viewer/src/Mediaviewer.vue
+++ b/apps/media-viewer/src/Mediaviewer.vue
@@ -81,7 +81,7 @@ export default {
       }
     },
     headers () {
-      if (!this.publicPage()) {
+      if (!this.isPublicContext()) {
         return null
       }
 
@@ -105,7 +105,7 @@ export default {
         a: 1
       })
 
-      if (this.publicPage()) {
+      if (this.isPublicContext()) {
         const path = [
           '..',
           'dav',
@@ -164,6 +164,12 @@ export default {
   },
 
   methods: {
+    isPublicContext () {
+      // TODO: Can we rely on not being "authenticated" while viewing a public link?
+      // Currently it works. We cannot use publicPage() because that will still return
+      // true when opening the mediaviewer from authenticated routes
+      return !this.isAuthenticated
+    },
     loadImage () {
       this.loading = true
 
diff --git a/changelog/unreleased/fix_media_viewer_on_private_pages.md b/changelog/unreleased/fix_media_viewer_on_private_pages.md
new file mode 100644
index 00000000000..20dabdc68fc
--- /dev/null
+++ b/changelog/unreleased/fix_media_viewer_on_private_pages.md
@@ -0,0 +1,5 @@
+Bugfix: fix media-viewer on private pages
+
+media-viewer incorrectly assumed it was on a public page when opened from a private page.
+
+https://github.com/owncloud/phoenix/pull/3288