Add rel="nofollow" admin setting is not working right, its making parent domain link as nofollow

There is a setting in Admin panel:
add rel nofollow to user content: Add rel nofollow to all submitted user content, except for internal links (including parent domains). If you change this, you must rebake all posts with: “rake posts:rebake”

This setting is by default checked but all the links of parent domain is putting up with nofollow attribute.

Please use following steps to replicate:

1 Go to admin panel and search for setting “add rel nofollow to user content”, just to make sure it is checked

2 Create a new post and put link of root domain

3 Inserted link automatically append with rel=“nofollow” attribute despite of being a parent domain link

That does seem like a regression @sam

not following, how are you changing site setting on

He’s not, the idea that links to

are nofollowed from

does not seem in tune with the description of the setting:

add rel nofollow to all submitted user content, except for internal links (including parent domains)

1 Like

I think @eviltrout wrote this but my guess is that is not considered … only is.

Yes but I think it should be. Any subdomain of the parent domain should be followed.

Perhaps you can take this @techapj?

1 Like

Looks like is the code that does it. It seems that would not match

Are we sure we’d want it to do that? It might be weird from a security standpoint to make try match www.


Speaking for Sitepoint, I could see use out of it with our article integration. Having sitepoint articles followed by default would make a lot of sense and in our case it would be matching

I would think other article integrated sites would see value in it too.


It really should work this way.


Fixed via:

Also there was bug when domain like is added in exclude_rel_nofollow_domains setting, then domain like was also being allowed to be excluded from nofollow. Fixed that too.


It’s not that simple.

uri_domain =  
uri_domain = "#{'.')[1]}.#{'.')[2]}" if &&'.').size == 3  
uri_domain = "#{'.')[1]}.#{'.')[2]}.#{'.')[3]}" if &&'.').size == 4  

This code fails when people use naked ccSLD’s like (will follow everything in

Also will follow everything at

You should use View the Public Suffix List to resolve this…

1 Like

This is about “making links follow” (technically, not making them nofollow), not about making them nofollow.
Or is that what you mean?

1 Like

Yes, edited. Thanks.

Thanks for pointing this out. Will fix.

This is the desired behaviour. If the instance is hosted at then everything at should be followed.

Yes I agree, initially I used publicsuffix-ruby gem to achieve this, but all tests broke… :disappointed: Will try to fix tests.

Updated the PR to use publicsuffix-ruby gem. Tests are passing.

1 Like

I am worried about this kind of stuff, how heavy is this dependency ?

This is a 150k file I bet this bloats us with 10k extra strings at least

1 Like

I do not think a whole library should be necessary for this change @techAPJ

Why can’t the test be “ends with correct domain suffix” and then “anything else on front with a period between”?

It’s because the requirements are like this:

  • Discourse at
  • - followed
  • - followed
  • - followed
  • - nofollow
  • Discourse at
  • - nofollow
  • - nofollow
  • Discourse at
  • website./ - nofollow
  • - nofollow

You can’t tell those apart with the number of dots.

1 Like

Number of dots should not be used.

Known domain name suffix of site should be used, e.g.

With the rule being “any domain name with a dot plus this suffix is followed”

If necessary add another site setting to hold this value. If the value is not present, the nofollow will simply not be as accurate, e.g. it will nofollow stuff that it technically should not. It errs on the side of caution.

That’s much preferable to a giant library dependency…


Worst case, default to the discourse domain, that way, once added, it only no-follows internal links; ie:, and we’d have to make it more generic by changing it to

However, it needs to be able to not match or similar related URL renderings.