diff --git a/homeassistant/components/hassio/http.py b/homeassistant/components/hassio/http.py
index 60888d8d301..95f861e6097 100644
--- a/homeassistant/components/hassio/http.py
+++ b/homeassistant/components/hassio/http.py
@@ -34,6 +34,10 @@ NO_TIMEOUT = re.compile(
     r")$"
 )
 
+NO_AUTH_ONBOARDING = re.compile(
+    r"^(?:" r"|supervisor/logs" r"|snapshots/[^/]+/.+" r")$"
+)
+
 NO_AUTH = re.compile(
     r"^(?:" r"|app/.*" r"|addons/[^/]+/logo" r"|addons/[^/]+/icon" r")$"
 )
@@ -149,7 +153,7 @@ def _get_timeout(path: str) -> int:
 
 def _need_auth(hass, path: str) -> bool:
     """Return if a path need authentication."""
-    if not async_is_onboarded(hass) and path.startswith("snapshots"):
+    if not async_is_onboarded(hass) and NO_AUTH_ONBOARDING.match(path):
         return False
     if NO_AUTH.match(path):
         return False
diff --git a/tests/components/hassio/test_http.py b/tests/components/hassio/test_http.py
index db6e9d1f85e..d069b311ab2 100644
--- a/tests/components/hassio/test_http.py
+++ b/tests/components/hassio/test_http.py
@@ -155,6 +155,8 @@ def test_need_auth(hass):
     """Test if the requested path needs authentication."""
     assert not _need_auth(hass, "addons/test/logo")
     assert _need_auth(hass, "snapshots/new/upload")
+    assert _need_auth(hass, "supervisor/logs")
 
     hass.data["onboarding"] = False
     assert not _need_auth(hass, "snapshots/new/upload")
+    assert not _need_auth(hass, "supervisor/logs")