diff --git a/src/test/java/jasper/security/AuthMultiTenantUnitTest.java b/src/test/java/jasper/security/AuthMultiTenantUnitTest.java
index 7fe5afbb..a53b9b06 100644
--- a/src/test/java/jasper/security/AuthMultiTenantUnitTest.java
+++ b/src/test/java/jasper/security/AuthMultiTenantUnitTest.java
@@ -104,6 +104,26 @@ void testCanReadRef_Public() {
 			.isTrue();
 	}
 
+	@Test
+	void testCanReadRef_PublicRemote() {
+		var auth = getAuth(getUser("+user/test@other"));
+		var ref = getRef("public");
+		ref.setOrigin(ref.getOrigin() + ".remote");
+
+		assertThat(auth.canReadRef(ref))
+			.isTrue();
+	}
+
+	@Test
+	void testCanReadRef_PublicOriginFailed() {
+		var auth = getAuth(getUser("+user/test@other"));
+		var ref = getRef("public");
+		ref.setOrigin("@inaccessible");
+
+		assertThat(auth.canReadRef(ref))
+			.isFalse();
+	}
+
 	@Test
 	void testCanReadRef_NonPublicFailed() {
 		var auth = getAuth(getUser("+user/test@other"));
diff --git a/src/test/java/jasper/security/AuthUnitTest.java b/src/test/java/jasper/security/AuthUnitTest.java
index 6e6606d9..337d9ec9 100644
--- a/src/test/java/jasper/security/AuthUnitTest.java
+++ b/src/test/java/jasper/security/AuthUnitTest.java
@@ -107,6 +107,16 @@ void testCanReadRef_Public() {
 			.isTrue();
 	}
 
+	@Test
+	void testCanReadRef_PublicRemote() {
+		var auth = getAuth(getUser("+user/test"));
+		var ref = getRef("public");
+		ref.setOrigin("@other");
+
+		assertThat(auth.canReadRef(ref))
+			.isTrue();
+	}
+
 	@Test
 	void testCanReadRef_NonPublicFailed() {
 		var auth = getAuth(getUser("+user/test"));
@@ -598,6 +608,15 @@ void testCanReadTag_Public() {
 			.isTrue();
 	}
 
+	@Test
+	void testCanReadTag_PublicRemote() {
+		var user = getUser("+user/test");
+		var auth = getAuth(user, VIEWER);
+
+		assertThat(auth.canReadTag("custom@remote"))
+			.isTrue();
+	}
+
 	@Test
 	void testCanReadTag_Protected() {
 		var user = getUser("+user/test");