Re: [twitter-dev] Re: Introducing the Follow Button

2011-05-31 Thread Dan Webb 
Hi Zazie,

On Tue, May 31, 2011 at 1:43 PM, Zazie Lavender zazielaven...@gmail.com wrote:
 This is great, but I worry that this might easily be abused. The code
 for a follow button seems written in a way that allows the user to
 redress the link however they please. I see the main intent url as
 being easily extracted for no-js users; but this means someone could
 take that URL, redress it as a link someone would WANT to click on and
 fool people into clicking such a button to boost their own follower
 counts.


We have anti-CSRF protection to prevent the follow endpoint being used
outside of the button.  We also have malware detection in place so we
can quickly shut down abusive sites.

Thanks,

-- 
Dan Webb
Technical Lead, Twitter For Websites
d...@twitter.com / @danwrong

-- 
Twitter developer documentation and resources: https://dev.twitter.com/doc
API updates via Twitter: https://twitter.com/twitterapi
Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
https://groups.google.com/forum/#!forum/twitter-development-talk

Re: [twitter-dev] Re: alert() in anywhere.js

2010-05-19 Thread Dan Webb 
On Wed, May 19, 2010 at 11:27 AM, Steve C st...@twitpic.com wrote:
 We just rolled out @anywhere yesterday and some of our users are
 experiencing similar issues.

 http://twitpic.com/1p00d6

We rolled out a fix at the weekend that we fixed all the browsers that
we test under but there are obviously still some browsers getting the
issue.  I think we'll use console.info to display these message
instead of an alert.  We wanted to let developers know that they
needed a clientID in the most noticable way but to avoid unintended
annoyance of users we'll move to console.log.

Thanks,

-- 
Dan Webb
Front-end Engineer, Platform
d...@twitter.com / @danwrong
+1 415 425 5631

Re: [twitter-dev] Re: alert() in anywhere.js

2010-05-19 Thread Dan Webb 
On Wed, May 19, 2010 at 11:48 AM, Damon Clinkscales sca...@pobox.com wrote:
 On Wed, May 19, 2010 at 1:41 PM, Dan Webb d...@twitter.com wrote:
 On Wed, May 19, 2010 at 11:27 AM, Steve C st...@twitpic.com wrote:

 Just wondering...does TwitPic have a bug or misconfiguration or is
 this an @anywhere bug?

Javascript errors at startup time (in these cases by browser bugs in
certain browsers that we don't support) are causing the initialization
to terminate early leaving the client ID unset.  We're going to ensure
that unsupport browsers fail silently rather than triggering this
alert.

ETA for fix is within the hour.

-- 
Dan Webb
Front-end Engineer, Platform
d...@twitter.com / @danwrong
+1 415 425 5631

Re: [twitter-dev] Re: alert() in anywhere.js

2010-05-16 Thread Dan Webb 
This does sound like a regression of some kind.  We'll get this fixed ASAP.

On Sat, May 15, 2010 at 3:41 PM, JohnB johnfakor...@yahoo.com wrote:

 Are we really talking about incorrect installations here? Twitter's
 own @Anywhere documentation page (http://dev.twitter.com/anywhere/
 begin) is throwing this same error in older browsers, including Chrome
 3.0.195.


-- 
Dan Webb
Front-end Engineer, Platform
d...@twitter.com / @danwrong
+1 415 425 5631

Re: [twitter-dev] @anywhere in Safari4/Mac - wont work

2010-05-13 Thread Dan Webb 
It looks to me like your hovercards are not finding a screen name
rather than it being a browser issue.  The Unsafe javascript attempt
is a warning and does not effect operation.

On Wed, May 12, 2010 at 8:17 AM, Felix Kunsmann fe...@kunsmann.eu wrote:
 Hello,

 I'm trying to use @anywhere hovercards in my Blog (Link below). It seems that 
 Safari is blocking all requests to Twitter, so is there a way to fix that (or 
 to duplicate hovercard functionality)?


-- 
Dan Webb
Front-end Engineer, Platform
d...@twitter.com / @danwrong
+1 415 425 5631

Re: [twitter-dev] Re: Verify user connect with @anywhere?

2010-05-13 Thread Dan Webb 
Shortly we'll be providing the logged in user's id along with a
signature that will allow you to verify it is genuine.  Stay tuned.

On Wed, May 12, 2010 at 6:14 PM, Abraham Williams 4bra...@gmail.com wrote:
 I don't think it is officially supported as a public API but you can pull
 the twttr_anywhere cookie which contains an access token.
 https://api.twitter.com/1/account/verify_credentials.xml?oauth_access_token=xyz
 Abraham



-- 
Dan Webb
Front-end Engineer, Platform
d...@twitter.com / @danwrong
+1 415 425 5631

Re: [twitter-dev] jQuery being loaded multiple times using @anywhere

2010-04-16 Thread Dan Webb 
Hi Matt,

At the moment there are 2 references to jQuery.  We'd rather load in
our own version of JQuery rather than detecting it in partner pages so
we can be assured of the version we are running on top of.  The reason
its loaded twice is that it's used both on the client and on the
server that exists in a hidden iframe.  A large amount of users will
have google's jQuery cached so it doesn't slow performance too much.
That being said we will continue to tune @anywhere and removing
external dependencies will be something we'll definitely be looking
at.

Thanks,

Dan

On Fri, Apr 16, 2010 at 8:49 AM, Matt m...@indielabs.com wrote:
 We've just implemented @anywhere's hovercard feature on our website
 and noticed that in addition to the initial loading of jQuery from
 Google which we were already doing, by including the Twitter script it
 loads jQuery 2 or 3 more times from Google. This should be fixed to
 only load jQuery once if it is not already detected.

 Here is the script we're using:

 script src=http://platform.twitter.com/anywhere.js?
 id=OURAPIKEYISHEREv=1/script
 script type=text/javascript
 twttr.anywhere(function(twitter) {
  twitter('.twitter a').hovercards({
    infer: true
  });
 });
 /script


 --
 Subscription settings: 
 http://groups.google.com/group/twitter-development-talk/subscribe?hl=en




-- 
Dan Webb
Front-end Engineer, Web Client
d...@twitter.com / @danwrong
+1 415 425 5631

Re: [twitter-dev] Re: parent.twttr.anywhere._signedOutCookiePresent

2010-04-16 Thread Dan Webb 
Apologies for this.  There was an issue with our CDN causing this
which we've now fixed.  It's not related to cookies.

Thanks,

Dan

On Fri, Apr 16, 2010 at 2:54 PM, Jon j...@jgubman.com wrote:
 I was getting that same error earlier. Clearing out my cookies seemed
 to fix it, but doesn't instill confidence...

 On Apr 16, 2:25 pm, Craig cbernst...@gmail.com wrote:
 Hello,

 @Anywhere (just a simple install following the Getting Started
 instructions) worked on my site yesterday. Today, it is dead:

 platform0.twitter.com/1/javascripts/client.js:1:

 Uncaught TypeError: Object function (Z,b){if(typeof Z==function)
 {b=Z;Z=twttr.anywhere._config.defaultVersion}if(!
 twttr.anywhere._config.clientID){return alert(To set up @anywhere,
 please provide a client ID)}if(D==callback||D==headless){return }
 var Y;var a=twttr.anywhere._instances;if(typeof Z===string||typeof
 Z===number){Z={version:Z}}Z.version=(Z.version)?
 Z.version.toString():twttr.anywhere._config.defaultVersion;Z=E({window:window},Z);if((Y=a[Z.version]))
 {if(Y.contentWindow._ready){Y.contentWindow._init(b,Z)}
 else{U(Y.contentWindow,b,Z)}}else{T(Z,b)}} has no method
 '_signedOutCookiePresent'

 Oops?
 Craig

 --
 Subscription 
 settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en




-- 
Dan Webb
Front-end Engineer, Web Client
d...@twitter.com / @danwrong
+1 415 425 5631

[twitter-dev] Re: @anywhere sign in button disappearing

2010-04-15 Thread Dan Webb 
Hi Aral,

So the connect button disappears entirely after you've connected?  If
you reply with steps to reproduce we can look in to it.

Thanks,

Dan

On Apr 15, 8:48 am, Aral Balkan aralbal...@gmail.com wrote:
 Definitely seeing it disappear while logged into a different account. Not
 sure if some oAuth session is being cached or something.

 Aral


-- 
To unsubscribe, reply using remove me as the subject.

[twitter-dev] Re: twitter.User.current.data is not a function

2010-04-15 Thread Dan Webb 
The way to acheive this best would be:

twttr.anywhere(function(twitter)
{
  if (twitter.isConnected())
  {
alert(ttwitter.currentUser.data('screen_name'));
  }
  else
  {
twitter(#connectArea).connectButton({size: large});
  }
});

Thanks,

Dan

On Apr 15, 7:46 am, silentgecko rwelb...@brainpool.de wrote:
 Same Problem here

 On 15 Apr., 09:47, Palleas pall...@gmail.com wrote:



  Hi all,

  I gave a try to Anywhere connect, and I have a weird issue, even if
  I'm using the official example provided on the website.
  Here is what I'm doing :

  twttr.anywhere(function(twitter)
  {
    if (twitter.isConnected)
    {
      alert(twitter.User.current.data(screen_name));
    }
    else
    {
      twitter(#connectArea).connectButton({size: large});
    }

  });

  But this is what I got from firefox and Chrome :

  twitter.User.current.data is not a function
  [Break on this error] alert(twitter.User.current.data(screen_name));
  

  Any hints?
  Thanks!


-- 
To unsubscribe, reply using remove me as the subject.