diff --git a/source/java/org/alfresco/repo/web/scripts/content/ContentGet.java b/source/java/org/alfresco/repo/web/scripts/content/ContentGet.java
index 21f6301ec6..7788026939 100644
--- a/source/java/org/alfresco/repo/web/scripts/content/ContentGet.java
+++ b/source/java/org/alfresco/repo/web/scripts/content/ContentGet.java
@@ -34,6 +34,7 @@ import org.alfresco.model.ApplicationModel;
 import org.alfresco.model.ContentModel;
 import org.alfresco.repo.cmis.reference.ReferenceFactory;
 import org.alfresco.repo.content.MimetypeMap;
+import org.alfresco.repo.security.permissions.AccessDeniedException;
 import org.alfresco.repo.web.scripts.FileTypeImageUtils;
 import org.alfresco.service.cmr.dictionary.DictionaryService;
 import org.alfresco.service.cmr.repository.ContentService;
@@ -44,6 +45,7 @@ import org.alfresco.service.namespace.QName;
 import org.apache.commons.io.FilenameUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.springframework.extensions.webscripts.Status;
 import org.springframework.extensions.webscripts.WebScriptException;
 import org.springframework.extensions.webscripts.WebScriptRequest;
 import org.springframework.extensions.webscripts.WebScriptResponse;
@@ -185,26 +187,33 @@ public class ContentGet extends StreamContent implements ServletContextAware
 
         boolean rfc5987Supported = (null != userAgent) && (userAgent.contains("MSIE") || userAgent.contains(" Chrome/") || userAgent.contains(" FireFox/"));
 
-        if (attach && rfc5987Supported)
+        try
         {
-            String name = (String) nodeService.getProperty(nodeRef, ContentModel.PROP_NAME);
-            
-            //IE use file extension to get mimetype
-            //So we set correct extension. see MNT-11246
-            if(userAgent.contains("MSIE"))
+            if (attach && rfc5987Supported)
             {
-                String mimeType = contentService.getReader(nodeRef, propertyQName).getMimetype();
-                if (!mimetypeService.getMimetypes(FilenameUtils.getExtension(name)).contains(mimeType))
-                {
-                    name = FilenameUtils.removeExtension(name) + FilenameUtils.EXTENSION_SEPARATOR_STR + mimetypeService.getExtension(mimeType); 
-                }
-            }
+                String name = (String) nodeService.getProperty(nodeRef, ContentModel.PROP_NAME);
             
-            streamContent(req, res, nodeRef, propertyQName, attach, name, null);
+                //IE use file extension to get mimetype
+                //So we set correct extension. see MNT-11246
+                if(userAgent.contains("MSIE"))
+                {
+                    String mimeType = contentService.getReader(nodeRef, propertyQName).getMimetype();
+                    if (!mimetypeService.getMimetypes(FilenameUtils.getExtension(name)).contains(mimeType))
+                    {
+                        name = FilenameUtils.removeExtension(name) + FilenameUtils.EXTENSION_SEPARATOR_STR + mimetypeService.getExtension(mimeType); 
+                    }
+                }
+            
+                streamContent(req, res, nodeRef, propertyQName, attach, name, null);
+            }
+            else
+            {
+                streamContent(req, res, nodeRef, propertyQName, attach, null, null);
+            }
         }
-        else
+        catch (AccessDeniedException e)
         {
-            streamContent(req, res, nodeRef, propertyQName, attach, null, null);
+            throw new WebScriptException(Status.STATUS_FORBIDDEN, e.getMessage());
         }
     }
 
diff --git a/source/test-java/org/alfresco/repo/web/scripts/quickshare/QuickShareRestApiTest.java b/source/test-java/org/alfresco/repo/web/scripts/quickshare/QuickShareRestApiTest.java
index 990184977e..83b382a458 100644
--- a/source/test-java/org/alfresco/repo/web/scripts/quickshare/QuickShareRestApiTest.java
+++ b/source/test-java/org/alfresco/repo/web/scripts/quickshare/QuickShareRestApiTest.java
@@ -210,6 +210,7 @@ public class QuickShareRestApiTest extends BaseWebScriptTest
         final int expectedStatusOK = 200;
         final int expectedStatusNotFound = 404;
         final int expectedStatusServerError = 500; // currently mapped from AccessDenied (should it be 403, 404 or does it depend on use-case)
+        final int expectedStatusForbidden = 403;
         
         String testNodeRef_3 = testNode.toString().replace("://", "/");
         
@@ -236,7 +237,7 @@ public class QuickShareRestApiTest extends BaseWebScriptTest
         // As user two ...
         
         rsp = sendRequest(new GetRequest(AUTH_METADATA_URL.replace("{node_ref_3}", testNodeRef_3)), expectedStatusServerError, USER_TWO);
-        rsp = sendRequest(new GetRequest(AUTH_CONTENT_URL.replace("{node_ref_3}", testNodeRef_3)), expectedStatusServerError, USER_TWO);
+        rsp = sendRequest(new GetRequest(AUTH_CONTENT_URL.replace("{node_ref_3}", testNodeRef_3)), expectedStatusForbidden, USER_TWO);
         rsp = sendRequest(new GetRequest(AUTH_CONTENT_THUMBNAIL_URL.replace("{node_ref_3}", testNodeRef_3).replace("{thumbnailname}", "doclib")), expectedStatusServerError, USER_TWO);
         
         // As user one ...