Introducing the Follow Button
Arnaud Meunier
Today we're launching the Follow Button! Similar to the Tweet Button,
it's a new widget that lets users easily follow a Twitter account from
any web page. The Follow Button has a single click follow experience,
simple implementation model, and is configurable to fit the needs of
your website.
Read our announcement on the Twitter blog, and use the resources below
to set up your own Follow Button:
- Create a Follow Button here: http://twitter.com/about/resources/followbutton
- Detailed documentation: http://dev.twitter.com/pages/follow_button
We’ve also added a Javascript layer to our Buttons and Web Intents
that makes it possible for you to detect how users are interacting
with these tools, and to hook them up to your own web analytics. More
details on: http://dev.twitter.com/pages/intents-events
We're excited to see how you guys will implement the Follow Button.
Let us know what you think, or if you have any questions.
Arnaud / @rno
Zazie Lavender
for a follow button seems written in a way that allows the user to
redress the link however they please. I see the main intent url as
being easily extracted for no-js users; but this means someone could
take that URL, redress it as a link someone would WANT to click on and
fool people into clicking such a button to boost their own follower
counts.
Since this is more of a security issue rather than a bug or a problem
as of yet, I figured why not just reply to this post rather than make
a big heyday about what I perceive as a weakness. If it's already on
the roadmap to improve this function as we go; or if the existing
structure of twitter disallows such an easy exploit then you may
safely disregard this post.
Please note that I have NOT tested this; I'm not going to because it's
better tested by the developers who know the code underlying that
services these requests...and it may not come to be an issue. I just
hope this button ISN'T a one-click follow for sake of security,
because I fear there will be some VERY annoyed honest users once
unscrupulous users begin to abuse this feature.
noriguard
Can I use this button for a user who is signed-in at a web service via
oauth, even when the user is signed-in at Twitter as other account or
signed-out?
Thank you in advance.
- Jason
Dan Webb
On Tue, May 31, 2011 at 1:43 PM, Zazie Lavender <zaziel...@gmail.com> wrote:
> This is great, but I worry that this might easily be abused. The code
> for a follow button seems written in a way that allows the user to
> redress the link however they please. I see the main intent url as
> being easily extracted for no-js users; but this means someone could
> take that URL, redress it as a link someone would WANT to click on and
> fool people into clicking such a button to boost their own follower
> counts.
We have anti-CSRF protection to prevent the follow endpoint being used
outside of the button. We also have malware detection in place so we
can quickly shut down abusive sites.
Thanks,
--
Dan Webb
Technical Lead, Twitter For Websites
d...@twitter.com / @danwrong
Arnaud Meunier
--
Twitter developer documentation and resources: https://dev.twitter.com/doc
API updates via Twitter: https://twitter.com/twitterapi
Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list
Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
noriguard
- Jason
On May 31, 2:13 pm, Arnaud Meunier <arn...@twitter.com> wrote:
> Hey Jason,
>
> Just like the Tweet Button, the Follow Button is using twitter.com session.
> You cannot specify an "interacting account". It will always be the user
> logged in on twitter.com. Cf our User interaction flow for more details:https://dev.twitter.com/pages/follow_button#user-interaction
>
> Hope that helps,
M. Edward (Ed) Borasky
miscellaneous Twitter plugins, especially for WordPress. Last year,
when Twitter announced @anywhere, I tried a couple of plugins before
settling on one. What I got from that was hovercards, tweet boxes and
follow buttons.
A few months later, I discovered that the trips to Twitter servers
were slowing down my blog's page loads, so I stopped using @anywhere.
Since then, there have been some other JavaScript tools from Twitter,
and now this "Follow Button."
So I've put a follow button on my blog. So far it doesn't seem to be
slowing it down, but it's only been up a couple of hours. In any
event, is @anywhere "deprecated", in favor of the most popular single
functions from the collection, like follow buttons? Or are there
always going to be multiple "JavaScript / HTML widgets and gizmos"
coming from Twitter that users need to track?
--
http://twitter.com/znmeb http://borasky-research.net
"A mathematician is a device for turning coffee into theorems." -- Paul
Erdos
Quoting Arnaud Meunier <arn...@twitter.com>:
Taylor Singletary
M. Edward (Ed) Borasky
to think of a use case for @anywhere, being mid-way between Web
Intents and server-side REST functionality. In fact, I'm struggling to
think of a use case for the server-side stuff now. ;-)
"A mathematician is a device for turning coffee into theorems." -- Paul
Erdos
Quoting Taylor Singletary <taylorsi...@twitter.com>:
> Hi Ed,
>
> @Anywhere is an effort to provide a client-side authentication &
> authorization flow to Twitter REST API integrations: a simpler, more
> frictionless experience for common Twitter actions. While @Anywhere meets
> this criteria, there is obvious room for continued simplification, both for
> end-users and implementors. @Anywhere applications still require a developer
> to register an application and the end-user to make additional approvals for
> that application construct.
>
> The "Twitter for Websites" arm of the Twitter Platform (Tweet Button, Follow
> Button, and Web Intents) provides integrators with even simpler solutions
> that don't require API keys. By utilizing the end user's logged in state,
> the gulf between the user's intention to act and the action being
> accomplished is bridged. While the Buttons, like @anywhere, use Javascript,
> the building blocks they use, Web Intents, provide perhaps the most atomic
> form of frictionless integration: simple URLs that can be linked from any
> web-enabled context, with or without Javascript.
>
> Web Intents and the Tweet & Follow Buttons are the best fit for a wide swath
> of integration points. Deeper integrations are still best serviced by
> server-side REST integrations or @Anywhere.
>
> @episod <http://twitter.com/episod> - Taylor Singletary
badosa
button, but not in the "Following" text. Is this a bug or a feature?
Do you plan to support more languages in the future?
@badosa
Mathias Bynens
<script type="text/javascript">
(function(){
var twitterWidgets = document.createElement('script');
twitterWidgets.type = 'text/javascript';
twitterWidgets.async = true;
twitterWidgets.src = 'http://platform.twitter.com/widgets.js';
document.getElementsByTagName('head')
[0].appendChild(twitterWidgets);
})();
</script>
This could be optimized into:
<script>
(function(){
var twitterWidgets = document.createElement('script');
twitterWidgets.async = true;
twitterWidgets.src = 'http://platform.twitter.com/widgets.js';
(document.head || document.getElementsByTagName('head')
[0]).appendChild(twitterWidgets);
})();
</script>
Most of the optimizations I applied are explained in detail here:
http://mathiasbynens.be/notes/async-analytics-snippet
Note that the `.async=true` is only useful for Firefox 3.6 – in every
other browser, it doesn’t make a difference (as per the spec). You
could consider removing that as well in the near future. See
http://mathiasbynens.be/notes/async-analytics-snippet#async for more
information.
If you’re gonna append to the <head> anyway, you might as well use
`document.head` if it’s available: http://mathiasbynens.be/notes/document-head
However, a more robust cross-browser solution would be to insert the
dynamic script after or before the first <script>, like Google does
with its GA snippet.
Arnaud Meunier
David Huang
I was testing the new Follow button on my webpage and noticed that
"one-click" only works when the user have signed in to Twitter during
the same browsing session. If I relaunched the browser, even though
I'm still logged in to Twitter, clicking the Follow button would open
a popup. Am I missing anything, or is this the expected behavior?
Thanks,
David
> Today we're launching theFollowButton! Similar to the Tweet Button,
> it's a new widget that lets users easilyfollowa Twitter account from
> simple implementation model, and is configurable to fit the needs of
> your website.
>
> Read our announcement on the Twitter blog, and use the resources below
> to set up your ownFollowButton:
>
Pankaj Rohankar
I have added "Twitter Follow Button" on my page,
and tried http://dev.twitter.com/pages/intents-events,
following is the code snippet:
<script src="http://code.jquery.com/jquery-latest.js"></script>
<script type="text/javascript">
$(document).ready(function($) {
var e = document.createElement('script'); e.type="text/javascript";
e.async = true;
e.src = 'http://platform.twitter.com/widgets.js';
(document.getElementsByTagName('head')[0] ||
document.getElementsByTagName('body')[0]).appendChild(e);
$(e).load(function() {
function followIntentToAnalytics(intent_event) {
if (intent_event) {
var label = intent_event.data.user_id + " (" +
intent_event.data.screen_name + ")";
followME();
};
}
twttr.events.bind("follow",followIntentToAnalytics);
});
});
</script>
This code is executes in FF and Chrome and give call to customised
function "followME()".
But in IE its fail to give call customised function "followME()".
Why its not work in IE ?
Thank you in advance.
David Huang
http://status.twitter.com/post/6816501955/follow-button-off-line
Thanks,
David
Matt Harris
Pankaj Rohankar
Thanks & Regards.
Pankaj Rohankar.
Mob ( WWP++.PG.P )
Taylor Singletary
@episod - Taylor Singletary