diff --git a/app/controllers/intents_controller.rb b/app/controllers/intents_controller.rb
index 504befd1f..56129d69a 100644
--- a/app/controllers/intents_controller.rb
+++ b/app/controllers/intents_controller.rb
@@ -1,9 +1,10 @@
 # frozen_string_literal: true
 
 class IntentsController < ApplicationController
-  def show
-    uri = Addressable::URI.parse(params[:uri])
+  before_action :check_uri
+  rescue_from Addressable::URI::InvalidURIError, with: :handle_invalid_uri
 
+  def show
     if uri.scheme == 'web+mastodon'
       case uri.host
       when 'follow'
@@ -15,4 +16,18 @@ class IntentsController < ApplicationController
 
     not_found
   end
+
+  private
+
+  def check_uri
+    not_found if uri.blank?
+  end
+
+  def handle_invalid_uri
+    not_found
+  end
+
+  def uri
+    @uri ||= Addressable::URI.parse(params[:uri])
+  end
 end
diff --git a/spec/controllers/intents_controller_spec.rb b/spec/controllers/intents_controller_spec.rb
new file mode 100644
index 000000000..3dde7f835
--- /dev/null
+++ b/spec/controllers/intents_controller_spec.rb
@@ -0,0 +1,50 @@
+require 'rails_helper'
+
+RSpec.describe IntentsController, type: :controller do
+  render_views
+
+  let(:user) { Fabricate(:user) }
+  before { sign_in user, scope: :user }
+
+  describe 'GET #show' do
+    subject { get :show, params: { uri: uri } }
+
+    context 'when schema is web+mastodon' do
+      context 'when host is follow' do
+        let(:uri) { 'web+mastodon://follow?uri=test' }
+
+        it { is_expected.to redirect_to authorize_follow_path(acct: 'test') }
+      end
+
+      context 'when host is share' do
+        let(:uri) { 'web+mastodon://share?text=test' }
+
+        it { is_expected.to redirect_to share_path(text: 'test') }
+      end
+
+      context 'when host is none of the above' do
+        let(:uri) { 'web+mastodon://test' }
+
+        it { is_expected.to have_http_status 404 }
+      end
+    end
+
+    context 'when schema is not web+mastodon' do
+      let(:uri) { 'api+mastodon://test.com' }
+
+      it { is_expected.to have_http_status 404 }
+    end
+
+    context 'when uri param is blank' do
+      let(:uri) { '' }
+
+      it { is_expected.to have_http_status 404 }
+    end
+
+    context 'when uri is invalid' do
+      let(:uri) { 'invalid uri://test.com' }
+
+      it { is_expected.to have_http_status 404 }
+    end
+  end
+end