diff --git a/lib/mobilizon_web/controllers/activity_pub_controller.ex b/lib/mobilizon_web/controllers/activity_pub_controller.ex
index 6adb0f8d2..4ffae9395 100644
--- a/lib/mobilizon_web/controllers/activity_pub_controller.ex
+++ b/lib/mobilizon_web/controllers/activity_pub_controller.ex
@@ -42,7 +42,16 @@ defmodule MobilizonWeb.ActivityPubController do
          true <- event.visibility in [:public, :unlisted] do
       conn
       |> put_resp_header("content-type", "application/activity+json")
-      |> json(ObjectView.render("event.json", %{event: event |> Utils.make_event_data()}))
+      |> json(
+        ObjectView.render(
+          "event.json",
+          %{
+            event:
+              event
+              |> Utils.make_event_data()
+          }
+        )
+      )
     else
       {:ignore, _} ->
         {:error, :not_found}
@@ -55,15 +64,22 @@ defmodule MobilizonWeb.ActivityPubController do
   @spec comment(Plug.Conn.t(), map()) :: Plug.Conn.t()
   def comment(conn, %{"uuid" => uuid}) do
     with {status, %Comment{} = comment} when status in [:ok, :commit] <-
-           Events.get_cached_comment_full_by_uuid(uuid) do
-      # Comments are always public for now
-      # TODO : Make comments maybe restricted
-      # true <- comment.public do
+           Events.get_cached_comment_full_by_uuid(uuid),
+         true <- comment.visibility in [:public, :unlisted] do
       conn
       |> put_resp_header("content-type", "application/activity+json")
-      |> json(ObjectView.render("comment.json", %{comment: comment |> Utils.make_comment_data()}))
+      |> json(
+        ObjectView.render(
+          "comment.json",
+          %{
+            comment:
+              comment
+              |> Utils.make_comment_data()
+          }
+        )
+      )
     else
-      {:ignore, _} ->
+      _ ->
         {:error, :not_found}
     end
   end
diff --git a/lib/mobilizon_web/controllers/page_controller.ex b/lib/mobilizon_web/controllers/page_controller.ex
index 7d00df912..f3a3f5978 100644
--- a/lib/mobilizon_web/controllers/page_controller.ex
+++ b/lib/mobilizon_web/controllers/page_controller.ex
@@ -60,10 +60,8 @@ defmodule MobilizonWeb.PageController do
     case get_format(conn) do
       "html" ->
         with {status, %Comment{} = comment} when status in [:ok, :commit] <-
-               Events.get_cached_comment_full_by_uuid(uuid) do
-          # Comments are always public for now
-          # TODO : Make comments maybe restricted
-          # true <- comment.public do
+               Events.get_cached_comment_full_by_uuid(uuid),
+             true <- comment.visibility in [:public, :unlisted] do
           render_with_meta(conn, comment)
         else
           _ -> {:error, :not_found}
diff --git a/test/mobilizon_web/controllers/activity_pub_controller_test.exs b/test/mobilizon_web/controllers/activity_pub_controller_test.exs
index ea99a3ae0..b5217964c 100644
--- a/test/mobilizon_web/controllers/activity_pub_controller_test.exs
+++ b/test/mobilizon_web/controllers/activity_pub_controller_test.exs
@@ -69,17 +69,16 @@ defmodule MobilizonWeb.ActivityPubControllerTest do
                ObjectView.render("comment.json", %{comment: comment |> Utils.make_comment_data()})
     end
 
-    # TODO !
-    # test "it returns 404 for non-public comments", %{conn: conn} do
-    #   event = insert(:event, public: false)
+    test "it returns 404 for non-public comments", %{conn: conn} do
+      comment = insert(:comment, visibility: :private)
 
-    #   conn =
-    #     conn
-    #     |> put_req_header("accept", "application/activity+json")
-    #     |> get("/events/#{event.uuid}")
+      conn =
+        conn
+        |> put_req_header("accept", "application/activity+json")
+        |> get(Routes.page_url(Endpoint, :comment, comment.uuid))
 
-    #   assert json_response(conn, 404)
-    # end
+      assert json_response(conn, 404)
+    end
   end
 
   describe "/@:preferred_username/inbox" do
diff --git a/test/mobilizon_web/controllers/page_controller_test.exs b/test/mobilizon_web/controllers/page_controller_test.exs
index 30b7d512a..a7c871bb8 100644
--- a/test/mobilizon_web/controllers/page_controller_test.exs
+++ b/test/mobilizon_web/controllers/page_controller_test.exs
@@ -43,5 +43,20 @@ defmodule MobilizonWeb.PageControllerTest do
     assert html_response(conn, 404)
   end
 
-  # TODO: Comments
+  test "GET /comments/:uuid", %{conn: conn} do
+    comment = insert(:comment)
+    conn = get(conn, Routes.page_url(Endpoint, :comment, comment.uuid))
+    assert html_response(conn, 200)
+  end
+
+  test "GET /comments/:uuid with not existing comment", %{conn: conn} do
+    conn = get(conn, Routes.page_url(Endpoint, :comment, "not_existing_comment"))
+    assert html_response(conn, 404)
+  end
+
+  test "GET /comments/:uuid with comment not public", %{conn: conn} do
+    comment = insert(:comment, visibility: :private)
+    conn = get(conn, Routes.page_url(Endpoint, :comment, comment.uuid))
+    assert html_response(conn, 404)
+  end
 end