Quoting DeWitt Clinton <dclin...@gmail.com>:
Awesome, thanks for the quick response!
Those are the right answers, too. : )
Though there's an inconsistency with returning 301's and also requiring
every click to go through the t.co link (as required by the ToS). A 301
means that the redirect is cacheable by any intermediary (because it is
permanent and will never change).
The 301 also implies that you actually *can* replace only the malicious
links, (not every link), because clients will already have resolved and
cached the 301 redirects (which again, can never change), so you won't be
able to change the redirect down the road anyway.
So, I think you might actually have meant to use 302's, not 301's, if
redirecting every click is the goal.
But then again, 301's really are the (philosophically? morally?) right
answer, so maybe I *don't* want you to fix that. : )
Or better still, resolving *all* URLs upfront and returning the full URL
inline, making tweets longer than 140 characters, and stopping this whole
URL shortening nonsense to begin with. (But you knew I'd say that...!)
Well ... while we're on the subject ... since we're talking *tweets*
and not arbitrary text from just anywhere, why do we have to waste
seven characters with the "http://"? Can't it just be "t.co/abcdef"?
After all, the receiver got the message from Twitter, not from thin
air, and can easily supply the "http://". You're never going to have
an "ftp://t.co", "file://t.co", etc., right?