diff --git a/lib/config.js b/lib/config.js
index 53497f1..1f14dd6 100644
--- a/lib/config.js
+++ b/lib/config.js
@@ -20,6 +20,7 @@ var urladdport = process.env.HMD_URL_ADDPORT ? (process.env.HMD_URL_ADDPORT ===
 var usecdn = process.env.HMD_USECDN ? (process.env.HMD_USECDN === 'true') : ((typeof config.usecdn === 'boolean') ? config.usecdn : true);
 
 var allowanonymous = process.env.HMD_ALLOW_ANONYMOUS ? (process.env.HMD_ALLOW_ANONYMOUS === 'true') : ((typeof config.allowanonymous === 'boolean') ? config.allowanonymous : true);
+var allowanonymousView = process.env.HMD_ALLOW_ANONYMOUS_VIEW ? (process.env.HMD_ALLOW_ANONYMOUS_VIEW === 'true') : ((typeof config.allowanonymousView === 'boolean') ? config.allowanonymousView : true);
 
 var allowfreeurl = process.env.HMD_ALLOW_FREEURL ? (process.env.HMD_ALLOW_FREEURL === 'true') : !!config.allowfreeurl;
 
@@ -128,6 +129,7 @@ module.exports = {
     serverurl: getserverurl(),
     usecdn: usecdn,
     allowanonymous: allowanonymous,
+    allowanonymousView: allowanonymousView,
     allowfreeurl: allowfreeurl,
     dburl: dburl,
     db: db,
diff --git a/lib/response.js b/lib/response.js
index a0dc8b1..6985481 100755
--- a/lib/response.js
+++ b/lib/response.js
@@ -117,7 +117,7 @@ function newNote(req, res, next) {
 }
 
 function checkViewPermission(req, note) {
-    if (note.permission == 'private') {
+    if (note.permission == 'private' || !config.allowanonymousView) {
         if (!req.isAuthenticated() || note.ownerId != req.user.id)
             return false;
         else
@@ -161,7 +161,7 @@ function showNote(req, res, next) {
     findNote(req, res, function (note) {
         // force to use note id
         var noteId = req.params.noteId;
-        var id = LZString.compressToBase64(note.id); 
+        var id = LZString.compressToBase64(note.id);
         if ((note.alias && noteId != note.alias) || (!note.alias && noteId != id))
             return res.redirect(config.serverurl + "/" + (note.alias || id));
         return responseHackMD(res, note);
@@ -413,7 +413,7 @@ function publishSlideActions(req, res, next) {
             res.redirect(config.serverurl + '/' + (note.alias ? note.alias : LZString.compressToBase64(note.id)));
             break;
         default:
-            res.redirect(config.serverurl + '/p/' + note.shortid);    
+            res.redirect(config.serverurl + '/p/' + note.shortid);
             break;
         }
     });