Twitter what have you done, it takes WEEKS to get updates through
Apple's review process and now you break all apps that use oAuth
through embedded browser controls, and yet seriously how is it any
different to using xAuth.

Please restore this ASAP!

On May 1, 12:54 am, Matthieu GD <matthie...@gmail.com> wrote:
> On Apr 30, 7:13 pm, Tom van der Woerdt <i...@tvdw.eu> wrote:
>
>
>
>
>
> > On 5/1/11 12:47 AM, Matthieu GD wrote:> On Apr 30, 12:09 pm, Tom van der 
> > Woerdt<i...@tvdw.eu>  wrote:
> > >> I've heard this before.
>
> > >> It sounds like all UIWebView, WebBrowser and probably Android's WebView
> > >> are blocked. This is definitely a *good* thing for security reasons.
> > > They are not blocked, it's *only* a problem of layout.
>
> > Are you sure? A block of CSS saying "html { display: none; }" doesn't
> > look like a problem, more like a feature.>> The "workaround" I recommend: 
> > launch the actual browser, using a
> > >> <yourapp>:// link (something like myapplication://tokenDone) as the
> > >> return URL. This is a LOT safer for the users.
> > > I have the same problem, and I don't see why using a webcontrol is a
> > > security problem. Since xauth is the exception, why twitter is making
> > > the use of oauth so hard ?
>
> > You should read the article athttp://goo.gl/xI0PZ
>
> Not sure if my previous message get trough.
>
> ok now we know it's insecure. But why removing the page without notice
> since it's not easy to deploy a new version of a native application?
> We have lived with xAuth (and it's still used by some applications
> like full-fledged clients) during several months until oauth was
> ready.
>
> Matthieu

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Reply via email to