Prevent to linkify when there is a redirect

If I understand correctly, Discourse is using GitHub - markdown-it/linkify-it: Links recognition library with full unicode support in order to provide a nice link with a title. For example, the previous link gives a nice title GitHub - markdown-it/linkify-it: Links recognition library with full unicode support.

I have however the following issue: to access some of the links posted, you must be authenticated in some other tool (e.g. Jira, Google…). So what happen is that all the links (and blocs for some of the transformed URLs) will just show Login to support or Meet Google Drive – One place for all your files[...] which is not really nice.

Is there already an existing feature or component/plugin allowing to pre-test the URL and in case there is a redirect, to not give a title to the URL?


Yes, our general solution here is using the blocked onebox domains site setting.

Add all the internal “requires login” URLs into that list.

I do wonder @nat/@codinghorror if we should add a sledghammer setting here.

block onebox on redirect - that setting can completely block any oneboxes if a redirect gets involved. It gives a very simple lever to control this behavior unconditionally across multiple domains.


Thank you for the hint for the internal links.
The more generic feature with block onebox on redirect would be greatly appreciated as we do not know ahead the full list that users might post.

This seems to not work for the linkified link that are not updated into “onebox” but just being turned into a title (e.g our internal link Log in - Sqills Jira turns into Log in - Sqills Jira but the base URL just gives as title of the link).


There is certainly a confusing bug here we should get sorted.

I just blocked and confirm it is doing what it is supposed to for but sadly is cached server side for 24 hours and rebuilding HTML is not busting the cache.

We will get this small niggle sorted out this week so we reduce support around this. Blocking redirect as an option sounds great to me, we may be able to squeeze this in. Maybe block onebox on cross domain redirect is better, or maybe that is too much fidelity… not sure.


This is fixed in:

Now when a post is rebuilt, the cache entries for all links in the post are removed prior to doing the rebuilding.

And here’s a PR for adding a block_onebox_on_redirect site setting:

When block_onebox_on_redirect is enabled, Discourse will never onebox URLs that redirect. The only exception to this is if a URL is http and redirects to the https version of the URL. This is done because it’s very common for sites that support TLS to redirect http traffic to https and so the onebox should still work if a user e.g. types out a link with http and the site redirects to https.