diff --git a/src/routes.zig b/src/routes.zig
index 7477d6c..dc64bf6 100644
--- a/src/routes.zig
+++ b/src/routes.zig
@@ -258,7 +258,7 @@ pub fn vidsRoute(
             const filepath = try std.fs.path.resolve(std.heap.c_allocator, &.{ state.vids_dir, basepath });
             defer std.heap.c_allocator.free(filepath);
 
-            if (std.mem.startsWith(u8, filepath, ".."))
+            if (std.fs.path.isAbsolute(filepath) or std.mem.startsWith(u8, filepath, ".."))
                 return c.OCS_FORBIDDEN;
 
             const filepath_z = try std.heap.c_allocator.dupeZ(u8, filepath);