diff --git a/core/lib/Drupal/Core/Access/AccessManager.php b/core/lib/Drupal/Core/Access/AccessManager.php
index 5e935e0..5959fd0 100644
--- a/core/lib/Drupal/Core/Access/AccessManager.php
+++ b/core/lib/Drupal/Core/Access/AccessManager.php
@@ -227,7 +227,7 @@ public function checkNamedRoute($route_name, array $parameters = array(), Reques
   public function check(Route $route, Request $request) {
     $checks = $route->getOption('_access_checks') ?: array();
 
-    $conjunction = $route->getOption('_access_mode') ?: 'ANY';
+    $conjunction = $route->getOption('_access_mode') ?: 'ALL';
 
     if ($conjunction == 'ALL') {
       return $this->checkAll($checks, $route, $request);
diff --git a/core/modules/rest/lib/Drupal/rest/Plugin/ResourceBase.php b/core/modules/rest/lib/Drupal/rest/Plugin/ResourceBase.php
index 3c1e9f9..a039ba9 100644
--- a/core/modules/rest/lib/Drupal/rest/Plugin/ResourceBase.php
+++ b/core/modules/rest/lib/Drupal/rest/Plugin/ResourceBase.php
@@ -92,6 +92,8 @@ public function routes() {
         // The HTTP method is a requirement for this route.
         '_method' => $method,
         '_permission' => "restful $lower_method $this->pluginId",
+      ), array(
+        '_access_mode' => 'ANY',
       ));
 
       switch ($method) {
diff --git a/core/modules/system/tests/modules/router_test/router_test.routing.yml b/core/modules/system/tests/modules/router_test/router_test.routing.yml
index 0aab01a..3217c98 100644
--- a/core/modules/system/tests/modules/router_test/router_test.routing.yml
+++ b/core/modules/system/tests/modules/router_test/router_test.routing.yml
@@ -48,6 +48,8 @@ router_test.8:
 
 router_test.9:
   path: '/router_test/test9'
+  options:
+    _access_mode: 'ANY'
   defaults:
     _controller: '\Drupal\router_test\TestControllers::test8'
   requirements:
diff --git a/core/tests/Drupal/Tests/Core/Access/AccessManagerTest.php b/core/tests/Drupal/Tests/Core/Access/AccessManagerTest.php
index 097cdd3..d12f5c0 100644
--- a/core/tests/Drupal/Tests/Core/Access/AccessManagerTest.php
+++ b/core/tests/Drupal/Tests/Core/Access/AccessManagerTest.php
@@ -183,6 +183,13 @@ public function providerTestCheckConjunctions() {
       'expected' => FALSE,
     );
     $access_configurations[] = array(
+      'conjunction' => NULL,
+      'name' => 'test_route_4',
+      'condition_one' => AccessCheckInterface::ALLOW,
+      'condition_two' => AccessCheckInterface::KILL,
+      'expected' => FALSE,
+    );
+    $access_configurations[] = array(
       'conjunction' => 'ALL',
       'name' => 'test_route_5',
       'condition_one' => AccessCheckInterface::ALLOW,
@@ -190,6 +197,13 @@ public function providerTestCheckConjunctions() {
       'expected' => FALSE,
     );
     $access_configurations[] = array(
+      'conjunction' => NULL,
+      'name' => 'test_route_5',
+      'condition_one' => AccessCheckInterface::ALLOW,
+      'condition_two' => AccessCheckInterface::DENY,
+      'expected' => FALSE,
+    );
+    $access_configurations[] = array(
       'conjunction' => 'ALL',
       'name' => 'test_route_6',
       'condition_one' => AccessCheckInterface::KILL,
@@ -197,6 +211,13 @@ public function providerTestCheckConjunctions() {
       'expected' => FALSE,
     );
     $access_configurations[] = array(
+      'conjunction' => NULL,
+      'name' => 'test_route_6',
+      'condition_one' => AccessCheckInterface::KILL,
+      'condition_two' => AccessCheckInterface::DENY,
+      'expected' => FALSE,
+    );
+    $access_configurations[] = array(
       'conjunction' => 'ALL',
       'name' => 'test_route_7',
       'condition_one' => AccessCheckInterface::ALLOW,
@@ -204,6 +225,13 @@ public function providerTestCheckConjunctions() {
       'expected' => TRUE,
     );
     $access_configurations[] = array(
+      'conjunction' => NULL,
+      'name' => 'test_route_7',
+      'condition_one' => AccessCheckInterface::ALLOW,
+      'condition_two' => AccessCheckInterface::ALLOW,
+      'expected' => TRUE,
+    );
+    $access_configurations[] = array(
       'conjunction' => 'ALL',
       'name' => 'test_route_8',
       'condition_one' => AccessCheckInterface::KILL,
@@ -211,6 +239,13 @@ public function providerTestCheckConjunctions() {
       'expected' => FALSE,
     );
     $access_configurations[] = array(
+      'conjunction' => NULL,
+      'name' => 'test_route_8',
+      'condition_one' => AccessCheckInterface::KILL,
+      'condition_two' => AccessCheckInterface::KILL,
+      'expected' => FALSE,
+    );
+    $access_configurations[] = array(
       'conjunction' => 'ALL',
       'name' => 'test_route_9',
       'condition_one' => AccessCheckInterface::DENY,
@@ -218,6 +253,13 @@ public function providerTestCheckConjunctions() {
       'expected' => FALSE,
     );
     $access_configurations[] = array(
+      'conjunction' => NULL,
+      'name' => 'test_route_9',
+      'condition_one' => AccessCheckInterface::DENY,
+      'condition_two' => AccessCheckInterface::DENY,
+      'expected' => FALSE,
+    );
+    $access_configurations[] = array(
       'conjunction' => 'ANY',
       'name' => 'test_route_10',
       'condition_one' => AccessCheckInterface::ALLOW,
@@ -282,7 +324,7 @@ public function testCheckConjunctions($conjunction, $name, $condition_one, $cond
       '_access' => static::convertAccessCheckInterfaceToString($condition_one),
       '_test_access' => static::convertAccessCheckInterfaceToString($condition_two),
     );
-    $options = array('_access_mode' => $conjunction);
+    $options = $conjunction ? array('_access_mode' => $conjunction) : array();
     $route = new Route($name, array(), $requirements, $options);
     $route_collection->add($name, $route);