FIX: Respect blocked domains list when redirecting (#15656)

Our previous implementation used a simple `blocked_domain_array.include?(hostname)`
so some values were not matching. Additionally, in some configurations like ours, we'd used
"cat.*.dog.com" with the assumption we'd support globbing.

This change implicitly allows globbing by blocking "http://a.b.com" if "b.com" is a blocked 
domain but does not actively do anything for "*".

An upcoming change might include frontend validation for values that can be inserted.

lib/inline_oneboxer.rb

@@ -51,7 +51,6 @@ class InlineOneboxer
 
     always_allow = SiteSetting.enable_inline_onebox_on_all_domains
     allowed_domains = SiteSetting.allowed_inline_onebox_domains&.split('|') unless always_allow
-    blocked_domains = SiteSetting.blocked_onebox_domains&.split('|')
 
     if always_allow || allowed_domains
       uri = begin
@@ -62,7 +61,7 @@ class InlineOneboxer
       if uri.present? &&
         uri.hostname.present? &&
         (always_allow || allowed_domains.include?(uri.hostname)) &&
-        !blocked_domains.include?(uri.hostname)
+        !domain_is_blocked?(uri.hostname)
         title = RetrieveTitle.crawl(url)
         title = nil if title && title.length < MIN_TITLE_LENGTH
         return onebox_for(url, title, opts)
@@ -74,6 +73,12 @@ class InlineOneboxer
 
   private
 
+  def self.domain_is_blocked?(hostname)
+    SiteSetting.blocked_onebox_domains&.split('|').any? do |blocked|
+      hostname == blocked || hostname.end_with?(".#{blocked}")
+    end
+  end
+
   def self.onebox_for(url, title, opts)
     title = title && Emoji.gsub_emoji_to_unicode(title)
     if title && opts[:post_number]