diff --git a/apps/dav/appinfo/v1/publicwebdav.php b/apps/dav/appinfo/v1/publicwebdav.php
index b0ee264aac..558a823866 100644
--- a/apps/dav/appinfo/v1/publicwebdav.php
+++ b/apps/dav/appinfo/v1/publicwebdav.php
@@ -32,7 +32,7 @@ OC_App::loadApps($RUNTIME_APPTYPES);
 OC_Util::obEnd();
 
 // Backends
-$authBackend = new OCA\DAV\Connector\PublicAuth(\OC::$server->getConfig());
+$authBackend = new OCA\DAV\Connector\PublicAuth(\OC::$server->getConfig(), \OC::$server->getRequest());
 
 $serverFactory = new OCA\DAV\Connector\Sabre\ServerFactory(
 	\OC::$server->getConfig(),
diff --git a/apps/dav/lib/connector/publicauth.php b/apps/dav/lib/connector/publicauth.php
index f069a214fe..0d75a4db49 100644
--- a/apps/dav/lib/connector/publicauth.php
+++ b/apps/dav/lib/connector/publicauth.php
@@ -26,6 +26,9 @@
 
 namespace OCA\DAV\Connector;
 
+use OCP\IConfig;
+use OCP\IRequest;
+
 class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
 
 	/**
@@ -36,10 +39,18 @@ class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
 	private $share;
 
 	/**
-	 * @param \OCP\IConfig $config
+	 * @var IRequest
 	 */
-	public function __construct($config) {
+	private $request;
+
+	/**
+	 * @param \OCP\IConfig $config
+	 * @param IRequest $request
+	 */
+	public function __construct(IConfig $config,
+								IRequest $request) {
 		$this->config = $config;
+		$this->request = $request;
 	}
 
 	/**
@@ -52,6 +63,7 @@ class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
 	 * @param string $password
 	 *
 	 * @return bool
+	 * @throws \Sabre\DAV\Exception\NotAuthenticated
 	 */
 	protected function validateUserPass($username, $password) {
 		$linkItem = \OCP\Share::getShareByToken($username, false);
@@ -92,6 +104,12 @@ class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
 					&& \OC::$server->getSession()->get('public_link_authenticated') === $linkItem['id']) {
 					return true;
 				} else {
+					if (in_array('XMLHttpRequest', explode(',', $this->request->getHeader('X-Requested-With')))) {
+						// do not re-authenticate over ajax, use dummy auth name to prevent browser popup
+						http_response_code(401);
+						header('WWW-Authenticate', 'DummyBasic real="ownCloud"');
+						throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls');
+					}
 					return false;
 				}
 			} else if ($linkItem['share_type'] == \OCP\Share::SHARE_TYPE_REMOTE) {