SECURITY: do not follow canonical links (#478)

SECURITY: do not follow canonical links (#478)

diff --git a/lib/onebox/helpers.rb b/lib/onebox/helpers.rb
index 6b8f4d3..64cfcdc 100644
--- a/lib/onebox/helpers.rb
+++ b/lib/onebox/helpers.rb
@@ -26,23 +26,7 @@ module Onebox
 
     def self.fetch_html_doc(url, headers = nil, body_cacher = nil)
       response = (fetch_response(url, headers: headers, body_cacher: body_cacher) rescue nil)
-      doc = Nokogiri::HTML(response)
-      uri = Addressable::URI.parse(url)
-
-      ignore_canonical_tag = doc.at('meta[property="og:ignore_canonical"]')
-      should_ignore_canonical = IGNORE_CANONICAL_DOMAINS.map { |hostname| uri.hostname.match?(hostname) }.any?
-
-      unless (ignore_canonical_tag && ignore_canonical_tag['content'].to_s == 'true') || should_ignore_canonical
-        # prefer canonical link
-        canonical_link = doc.at('//link[@rel="canonical"]/@href')
-        canonical_uri = Addressable::URI.parse(canonical_link)
-        if canonical_link && "#{canonical_uri.host}#{canonical_uri.path}" != "#{uri.host}#{uri.path}"
-          response = (fetch_response(canonical_uri.to_s, headers: headers, body_cacher: body_cacher) rescue nil)
-          doc = Nokogiri::HTML(response) if response
-        end
-      end
-
-      doc
+      Nokogiri::HTML(response)
     end
 
     def self.fetch_response(location, redirect_limit: 5, domain: nil, headers: nil, body_cacher: nil)
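Review bot: The new one-line body of `fetch_html_doc` has no comment recording why the canonical link is no longer followed, so a later refactor could reintroduce the second fetch. A comment above `Nokogiri::HTML(response)` would pin the intent, for example `# Never re-fetch <link rel="canonical">: the href is taken from the fetched, untrusted page and would be requested server-side.` After this change the method no longer references `IGNORE_CANONICAL_DOMAINS` or the `og:ignore_canonical` meta tag. The constant's definition is outside the hunk, so check whether anything else still uses it and delete it if not. The `redirect_limit: 5` in the `fetch_response` signature suggests redirects are still followed, which would leave them as the remaining server-chosen destination; that method's body is outside the hunk, so confirm it validates each redirect target.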
diff --git a/lib/onebox/version.rb b/lib/onebox/version.rb
index 24ed330..19f2a97 100644
--- a/lib/onebox/version.rb
+++ b/lib/onebox/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Onebox
-  VERSION = "2.2.16"
+  VERSION = "2.2.17"
 end

GitHub sha: 5db2ed87ad9f2aa99e7f125c94eb54aa7632120e

This commit appears in #478 which was approved by ZogStriP. It was merged by techAPJ.