How we solved LinkedIn blocking free Cloudflare domain links

LinkedIn blocks links coming from free Cloudflare domains like .pages.dev, which caused problems when sharing our projects such as Intern2Grow.
Users saw “unsafe” warnings or LinkedIn refused to open the links.

The solution

We built a Redirection Handler hosted on a GitHub-owned domain. The link we share on LinkedIn points to this handler and includes a URL parameter like:
?redirect=intern2grow

The handler reads the parameter value and checks whether it exists in a predefined redirectUrls JavaScript object.
If the key is valid, the user is redirected to the correct target after a short delay.

The redirectUrls object stores the list of destinations we want to share on LinkedIn — sites that face the same blocking issue (for example, Intern2Grow).

Why use a redirect key instead of accepting a full URL parameter?

If we accepted a full URL as a parameter, anyone could abuse our handler to send users to malicious sites (phishing, scams, malware).
By restricting redirects to keys that map to trusted destinations in redirectUrls, we guarantee redirects only go to approved sites.

We also support an optional path parameter so we can forward users to internal pages within those projects (e.g. /courses/1) without allowing external domains. This preserves flexibility while keeping security tight.

The outcome

We successfully bypassed LinkedIn’s block on free Cloudflare domains.
Users are securely redirected to the intended project pages.
We closed off the possibility of the redirector being exploited for malicious redirects.

Conclusion

Creating a simple, whitelist-based Redirection Handler let us share links on LinkedIn reliably while protecting users from potential abuse. It’s a small change that preserves both reach and security.