diff --git a/core/lib/Drupal/Core/Access/AccessManager.php b/core/lib/Drupal/Core/Access/AccessManager.php
index 14729a5..47c7160 100644
--- a/core/lib/Drupal/Core/Access/AccessManager.php
+++ b/core/lib/Drupal/Core/Access/AccessManager.php
@@ -126,7 +126,7 @@ protected function applies(Route $route) {
   public function check(Route $route, Request $request) {
     $checks = $route->getOption('_access_checks') ?: array();
 
-    $conjunction = $route->getOption('_access_mode') ?: 'ANY';
+    $conjunction = $route->getOption('_access_mode') ?: 'ALL';
 
     if ($conjunction == 'ALL') {
       return $this->checkAll($checks, $route, $request);
diff --git a/core/modules/rest/lib/Drupal/rest/Plugin/ResourceBase.php b/core/modules/rest/lib/Drupal/rest/Plugin/ResourceBase.php
index b829c7c..689d286 100644
--- a/core/modules/rest/lib/Drupal/rest/Plugin/ResourceBase.php
+++ b/core/modules/rest/lib/Drupal/rest/Plugin/ResourceBase.php
@@ -92,6 +92,8 @@ public function routes() {
         // The HTTP method is a requirement for this route.
         '_method' => $method,
         '_permission' => "restful $lower_method $this->pluginId",
+      ), array(
+        '_access_mode' => 'ANY',
       ));
 
       switch ($method) {
diff --git a/core/modules/system/tests/modules/router_test/router_test.routing.yml b/core/modules/system/tests/modules/router_test/router_test.routing.yml
index 2eda2c8..7341c08 100644
--- a/core/modules/system/tests/modules/router_test/router_test.routing.yml
+++ b/core/modules/system/tests/modules/router_test/router_test.routing.yml
@@ -48,6 +48,8 @@ router_test_8:
 
 router_test_9:
   pattern: '/router_test/test9'
+  options:
+    _access_mode: 'ANY'
   defaults:
     _controller: '\Drupal\router_test\TestControllers::test8'
   requirements:
diff --git a/core/tests/Drupal/Tests/Core/Access/AccessManagerTest.php b/core/tests/Drupal/Tests/Core/Access/AccessManagerTest.php
index f9cab9a..7757efc 100644
--- a/core/tests/Drupal/Tests/Core/Access/AccessManagerTest.php
+++ b/core/tests/Drupal/Tests/Core/Access/AccessManagerTest.php
@@ -133,6 +133,13 @@ public function providerTestCheckConjunctions() {
       'expected' => FALSE,
     );
     $access_configurations[] = array(
+      'conjunction' => NULL,
+      'name' => 'test_route_4',
+      'condition_one' => AccessCheckInterface::ALLOW,
+      'condition_two' => AccessCheckInterface::KILL,
+      'expected' => FALSE,
+    );
+    $access_configurations[] = array(
       'conjunction' => 'ALL',
       'name' => 'test_route_5',
       'condition_one' => AccessCheckInterface::ALLOW,
@@ -140,6 +147,13 @@ public function providerTestCheckConjunctions() {
       'expected' => FALSE,
     );
     $access_configurations[] = array(
+      'conjunction' => NULL,
+      'name' => 'test_route_5',
+      'condition_one' => AccessCheckInterface::ALLOW,
+      'condition_two' => AccessCheckInterface::DENY,
+      'expected' => FALSE,
+    );
+    $access_configurations[] = array(
       'conjunction' => 'ALL',
       'name' => 'test_route_6',
       'condition_one' => AccessCheckInterface::KILL,
@@ -147,6 +161,13 @@ public function providerTestCheckConjunctions() {
       'expected' => FALSE,
     );
     $access_configurations[] = array(
+      'conjunction' => NULL,
+      'name' => 'test_route_6',
+      'condition_one' => AccessCheckInterface::KILL,
+      'condition_two' => AccessCheckInterface::DENY,
+      'expected' => FALSE,
+    );
+    $access_configurations[] = array(
       'conjunction' => 'ALL',
       'name' => 'test_route_7',
       'condition_one' => AccessCheckInterface::ALLOW,
@@ -154,6 +175,13 @@ public function providerTestCheckConjunctions() {
       'expected' => TRUE,
     );
     $access_configurations[] = array(
+      'conjunction' => NULL,
+      'name' => 'test_route_7',
+      'condition_one' => AccessCheckInterface::ALLOW,
+      'condition_two' => AccessCheckInterface::ALLOW,
+      'expected' => TRUE,
+    );
+    $access_configurations[] = array(
       'conjunction' => 'ALL',
       'name' => 'test_route_8',
       'condition_one' => AccessCheckInterface::KILL,
@@ -161,6 +189,13 @@ public function providerTestCheckConjunctions() {
       'expected' => FALSE,
     );
     $access_configurations[] = array(
+      'conjunction' => NULL,
+      'name' => 'test_route_8',
+      'condition_one' => AccessCheckInterface::KILL,
+      'condition_two' => AccessCheckInterface::KILL,
+      'expected' => FALSE,
+    );
+    $access_configurations[] = array(
       'conjunction' => 'ALL',
       'name' => 'test_route_9',
       'condition_one' => AccessCheckInterface::DENY,
@@ -168,6 +203,13 @@ public function providerTestCheckConjunctions() {
       'expected' => FALSE,
     );
     $access_configurations[] = array(
+      'conjunction' => NULL,
+      'name' => 'test_route_9',
+      'condition_one' => AccessCheckInterface::DENY,
+      'condition_two' => AccessCheckInterface::DENY,
+      'expected' => FALSE,
+    );
+    $access_configurations[] = array(
       'conjunction' => 'ANY',
       'name' => 'test_route_10',
       'condition_one' => AccessCheckInterface::ALLOW,
@@ -232,7 +274,7 @@ public function testCheckConjunctions($conjunction, $name, $condition_one, $cond
       '_access' => static::convertAccessCheckInterfaceToString($condition_one),
       '_test_access' => static::convertAccessCheckInterfaceToString($condition_two),
     );
-    $options = array('_access_mode' => $conjunction);
+    $options = $conjunction ? array('_access_mode' => $conjunction) : array();
     $route = new Route($name, array(), $requirements, $options);
     $route_collection->add($name, $route);