diff --git a/app/controllers/errors_controller.rb b/app/controllers/errors_controller.rb
index ba4819fc23..8fc60b4955 100644
--- a/app/controllers/errors_controller.rb
+++ b/app/controllers/errors_controller.rb
@@ -2,6 +2,7 @@
 class ErrorsController < ApplicationController
 skip_before_action :verify_authenticity_token
+ skip_before_action :check_user_access
 def bad_request
 render status: :bad_request, formats: :html
diff --git a/config/environments/test.rb b/config/environments/test.rb
index a7ef27f9f9..d5b65bfd2a 100644
--- a/config/environments/test.rb
+++ b/config/environments/test.rb
@@ -22,8 +22,8 @@
 config.consider_all_requests_local = true
 config.action_controller.perform_caching = false
- # Raise exceptions instead of rendering exception templates.
- config.action_dispatch.show_exceptions = false
+ # Handle exceptions ourselves and return HTTP status instead of raising exceptions.
+ config.action_dispatch.show_exceptions = true
 # Disable request forgery protection in test environment.
 config.action_controller.allow_forgery_protection = false
diff --git a/spec/requests/errors_spec.rb b/spec/requests/errors_spec.rb
index ce7fc94870..db6a76bf39 100644
--- a/spec/requests/errors_spec.rb
+++ b/spec/requests/errors_spec.rb
@@ -32,4 +32,12 @@
 expect(response.body).to include(I18n.t!("errors.internal_server_error.title"))
 end
 end
+
+ describe "bypassing user access checks" do
+ it "returns a not found response when a document doesn't exist" do
+ get document_path("document-that-does-not-exist")
+
+ expect(response).to have_http_status(:not_found)
+ end
+ end
 end
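Review bot: The new `skip_before_action :check_user_access` in `ErrorsController` is unscoped and carries no comment, so any action later added to this controller will bypass the access check without anyone having decided that. I would record the reason beside it, for example `# Error pages show no user data and must render even when the access check would reject or raise.`, and consider an `only:` list naming the error actions. The class body continues outside the hunk, so the full action list and what the error templates and layout render are not visible here; that is worth confirming, since these pages now skip both CSRF verification and the access check.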
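Review bot: Setting `config.action_dispatch.show_exceptions = true` in `config/environments/test.rb` applies to the whole suite, so an unexpected exception in any request or feature spec now comes back as an error response instead of failing the example with a backtrace. Specs that do not assert on status or body could then pass over a real failure, including a broken authorisation path. Separately, `config.consider_all_requests_local = true` on the context line above would normally make Rails render its debug exception page rather than the application's own error pages, so it is worth confirming that the error specs really reach `ErrorsController`. If only a few specs need rendered errors, scoping the setting to those examples would keep the rest of the suite failing loudly.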
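Review bot: The example under "bypassing user access checks" never sets up a user who would fail `check_user_access`, and it asserts only the status code, so it would likely pass whether or not the new skip in `ErrorsController` is in place. I would sign in or stub a user without access in this example so the regression is actually exercised. I would also assert on the rendered page, along the lines of `expect(response.body).to include(I18n.t!("errors.not_found.title"))`, assuming a key parallel to the `errors.internal_server_error.title` used earlier in this file exists.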