diff --git a/server/middlewares/validators/oembed.ts b/server/middlewares/validators/oembed.ts
index 5e47211b5..96c8adc99 100644
--- a/server/middlewares/validators/oembed.ts
+++ b/server/middlewares/validators/oembed.ts
@@ -62,12 +62,26 @@ const oembedValidator = [
const url = req.query.url as string
+ let urlPath: string
+
+ try {
+ urlPath = new URL(url).pathname
+ } catch (err) {
+ return res.fail({
+ status: HttpStatusCode.BAD_REQUEST_400,
+ message: err.message,
+ data: {
+ url
+ }
+ })
+ }
+
const isPlaylist = startPlaylistURLs.some(u => url.startsWith(u))
const isVideo = isPlaylist ? false : startVideoURLs.some(u => url.startsWith(u))
const startIsOk = isVideo || isPlaylist
- const matches = watchRegex.exec(url)
+ const matches = watchRegex.exec(urlPath)
if (startIsOk === false || matches === null) {
return res.fail({
diff --git a/server/tests/api/server/services.ts b/server/tests/api/server/services.ts
index 69d030dbb..3a87df981 100644
--- a/server/tests/api/server/services.ts
+++ b/server/tests/api/server/services.ts
@@ -52,42 +52,46 @@ describe('Test services', function () {
it('Should have a valid oEmbed video response', async function () {
for (const basePath of [ '/videos/watch/', '/w/' ]) {
- const oembedUrl = 'http://localhost:' + server.port + basePath + video.uuid
+ for (const suffix of [ '', '?param=1' ]) {
+ const oembedUrl = server.url + basePath + video.uuid + suffix
- const res = await server.services.getOEmbed({ oembedUrl })
- const expectedHtml = ''
- const expectedThumbnailUrl = 'http://localhost:' + server.port + video.previewPath
+ const res = await server.services.getOEmbed({ oembedUrl })
+ const expectedHtml = ''
+ const expectedThumbnailUrl = 'http://localhost:' + server.port + video.previewPath
- expect(res.body.html).to.equal(expectedHtml)
- expect(res.body.title).to.equal(video.name)
- expect(res.body.author_name).to.equal(server.store.channel.displayName)
- expect(res.body.width).to.equal(560)
- expect(res.body.height).to.equal(315)
- expect(res.body.thumbnail_url).to.equal(expectedThumbnailUrl)
- expect(res.body.thumbnail_width).to.equal(850)
- expect(res.body.thumbnail_height).to.equal(480)
+ expect(res.body.html).to.equal(expectedHtml)
+ expect(res.body.title).to.equal(video.name)
+ expect(res.body.author_name).to.equal(server.store.channel.displayName)
+ expect(res.body.width).to.equal(560)
+ expect(res.body.height).to.equal(315)
+ expect(res.body.thumbnail_url).to.equal(expectedThumbnailUrl)
+ expect(res.body.thumbnail_width).to.equal(850)
+ expect(res.body.thumbnail_height).to.equal(480)
+ }
}
})
it('Should have a valid playlist oEmbed response', async function () {
for (const basePath of [ '/videos/watch/playlist/', '/w/p/' ]) {
- const oembedUrl = 'http://localhost:' + server.port + basePath + playlistUUID
+ for (const suffix of [ '', '?param=1' ]) {
+ const oembedUrl = server.url + basePath + playlistUUID + suffix
- const res = await server.services.getOEmbed({ oembedUrl })
- const expectedHtml = ''
+ const res = await server.services.getOEmbed({ oembedUrl })
+ const expectedHtml = ''
- expect(res.body.html).to.equal(expectedHtml)
- expect(res.body.title).to.equal('The Life and Times of Scrooge McDuck')
- expect(res.body.author_name).to.equal(server.store.channel.displayName)
- expect(res.body.width).to.equal(560)
- expect(res.body.height).to.equal(315)
- expect(res.body.thumbnail_url).exist
- expect(res.body.thumbnail_width).to.equal(280)
- expect(res.body.thumbnail_height).to.equal(157)
+ expect(res.body.html).to.equal(expectedHtml)
+ expect(res.body.title).to.equal('The Life and Times of Scrooge McDuck')
+ expect(res.body.author_name).to.equal(server.store.channel.displayName)
+ expect(res.body.width).to.equal(560)
+ expect(res.body.height).to.equal(315)
+ expect(res.body.thumbnail_url).exist
+ expect(res.body.thumbnail_width).to.equal(280)
+ expect(res.body.thumbnail_height).to.equal(157)
+ }
}
})