3 files changed, 29 insertions, 1 deletions

diff --git a/server/middlewares/index.ts b/server/middlewares/index.ts
index a0035f623..d2ed079b6 100644
--- a/server/middlewares/index.ts
+++ b/server/middlewares/index.ts
@@ -4,6 +4,7 @@ export * from './activitypub'
 export * from './async'
 export * from './auth'
 export * from './pagination'
+export * from './robots'
 export * from './servers'
 export * from './sort'
 export * from './user-right'
diff --git a/server/middlewares/robots.ts b/server/middlewares/robots.ts
new file mode 100644
index 000000000..b22b24a9f
--- /dev/null
+++ b/server/middlewares/robots.ts
@@ -0,0 +1,13 @@
+import express from 'express'
+
+function disableRobots (req: express.Request, res: express.Response, next: express.NextFunction) {
+  res.setHeader('X-Robots-Tag', 'noindex')
+
+  return next()
+}
+
+// ---------------------------------------------------------------------------
+
+export {
+  disableRobots
+}
diff --git a/server/middlewares/validators/oembed.ts b/server/middlewares/validators/oembed.ts
index 5e47211b5..96c8adc99 100644
--- a/server/middlewares/validators/oembed.ts
+++ b/server/middlewares/validators/oembed.ts
@@ -62,12 +62,26 @@ const oembedValidator = [
 
     const url = req.query.url as string
 
+    let urlPath: string
+
+    try {
+      urlPath = new URL(url).pathname
+    } catch (err) {
+      return res.fail({
+        status: HttpStatusCode.BAD_REQUEST_400,
+        message: err.message,
+        data: {
+          url
+        }
+      })
+    }
+
     const isPlaylist = startPlaylistURLs.some(u => url.startsWith(u))
     const isVideo = isPlaylist ? false : startVideoURLs.some(u => url.startsWith(u))
 
     const startIsOk = isVideo || isPlaylist
 
-    const matches = watchRegex.exec(url)
+    const matches = watchRegex.exec(urlPath)
 
     if (startIsOk === false || matches === null) {
       return res.fail({