Client-side POST for authenticated API request?

2008-10-12 Thread jazzychad 

Hi All,

For one of my webapps, I am trying to have all of the functionality
driven on the client-side as much as possible.  One of the features I
would like to have is to list a user's direct messages in a sidebar or
something.  I would really like to use the json feed to get the data,
and have some javascript parse and display it. The problem is that
this request requires a POST and HTTP Authentication, so I can't
exactly just put script src=http://twitter.com/direct_messages.json;
type=text/javascript/script in my code and have it load
properly.  Likewise, I cannot create an AJAX request (from jquery or
some such library) for http://twitter.com/direct_messages.json;
because that runs into the cross-site request restriction.  In the
past I have gotten around this by making a local php proxy page that
actaully uses cURL behind the scenes to get the remote data and use
that page in the AJAX request, but this is just a kludge and really
becomes a server-side function, potentially becoming a bottleneck.

So, does anyone know of a way to make a truly client-side request for
this data while taking care of the POST and authentication
requirements?

Thanks for any info,
-Chad

Re: statuses/update.json is not returning proper data

2008-10-12 Thread Alex Payne 


A fix for this was pushed out yesterday. Thanks for the report.

--
Alex Payne

On Oct 11, 2008, at 10:02, Ed Finkler [EMAIL PROTECTED] wrote:



The JSON response for update.json seems to be returning the wrong
data. I'd expect a standard status object, but I'm getting a
completely different object that looks to be specific to a particular
application (maybe the Twitter.com web site).

The Request:
---
POST /statuses/update.json HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en)
AppleWebKit/420+ (KHTML, like Gecko) Spaz/0.5.5
Cookie: 
X-Requested-With: XMLHttpRequest
Authorization: Basic [redacted]
Referer: app:/index.html
X-Flash-Version: 9,0,124,0
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Content-Length: 44
Connection: keep-alive
Proxy-Connection: keep-alive
Host: twitter.com

source=spazstatus=try%20some%20posts%20yes


The Response:
---
HTTP/1.1 200 OK
Date: Sat, 11 Oct 2008 16:56:45 GMT
Server: hi
Last-Modified: Sat, 11 Oct 2008 16:56:45 GMT
Status: 200 OK
X-Runtime: 0.82562
ETag: 8fc604c80dcdced08520885363a0a456
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0,  
post-check=0

Content-Type: application/json; charset=utf-8
Content-Length: 3352
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Set-Cookie: _twitter_sess=[redacted]; domain=.twitter.com; path=/
Connection: close

{text:try some posts yes,latest_status:span id=\latest_text\
onclick=\this.style.display='none';$ 
('latest_text_full').style.display='inline';\span

class=\status-text\\/spanspan id=\latest_meta\
class=\entry-meta\less than 5 seconds ago\/span\/span\n\n
span id=\latest_text_full\
onclick=\this.style.display='none';$ 
('latest_text').style.display='inline';\span

class=\status-text\\n\ttry some posts yes\/span\n  \tspan
class=\entry-meta\\t  a
href=\https:\/\/twitter.com\/spaztest\/statuses\/955614807\
class=\entry-date\ rel=\bookmark\abbr class=\published\
title=\2008-10-11T16:56:45+00:00\less than 5 seconds\/abbr
ago\/a\n\t\tfrom a
href=\http:\/\/funkatron.com\/spaz\Spaz\/a\n
\/span\/span,status_tr:  tr id=\status_955614807\
class=\hentry\\n  \n\t\t\ttd class=\thumb vcard author\\n
a href=\https:\/\/twitter.com\/spaztest\ class=\url\img
alt=\spaztest\ class=\photo fn\ id=\profile-image\
src=\https:\/\/static.twitter.com\/images\/ 
default_profile_normal.png\

\/\/a\n\t\t\/td\n\t\t  td\n\tdiv
class=\status-body\\t\n  \t\tstronga
href=\https:\/\/twitter.com\/spaztest\
title=\spaztest\spaztest\/a\/strong\n  \t\t\n\n  \t\t
\t\t\tspan class=\entry-content\\n  \t\t\t  try some posts yes\n
\t\t\t\/span\n\n  \t\t  \t\tspan class=\meta
entry-meta\\n  \t\t\t  \t\t\t  a
href=\https:\/\/twitter.com\/spaztest\/statuses\/955614807\
class=\entry-date\ rel=\bookmark\span class=\published\
title=\2008-10-11T16:56:45+00:00\less than 5 seconds\/span
ago\/a\n  \t\t\t  \t\t\tfrom a
href=\http:\/\/funkatron.com\/spaz\Spaz\/a\n
\t\t\/span\n\n  \t\t\n \t\/div\n  \t\/td\n  \ttd
align=\right\ width=\10\\n  \n  \t\t  \ndiv
id=\status_actions_955614807\ class=\status_actions\
style=\display:inline;\\n\t  a
href=\\/favourings\/create\/955614807\
id=\status_favourite_955614807\
onclick=\gaTrack('\/favourings\/create\/refresh'); new
Ajax.Request('\/favorites\/create\/955614807.json',
{asynchronous:true, evalScripts:true,
onLoading:function(request){$('status_star_955614807').src='\/images 
\/icon_throbber.gif'},

parameters:'authenticity_token=' +
encodeURIComponent('71cb22029f0ac55cb50a202da674a5a3587c2d79')});
return false;\ title=\Favorite this update\img alt=\Favorite\
border=\0\ id=\status_star_955614807\
src=\https:\/\/assets2.twitter.com\/images\/icon_star_empty.gif\
\/\/a\n\n\t\n\t  \n  a
href=\\/status\/destroy\/955614807\ onclick=\if (confirm('Sure you
want to delete this update? There is NO undo!')) {
gaTrack('\/status\/destroy\/refresh\/955614807');; new
Ajax.Request('\/status\/destroy\/955614807? 
authenticity_token=71cb22029f0ac55cb50a202da674a5a3587c2d79',

{asynchronous:true, evalScripts:true, method:'delete',
onFailure:function(request){},
onSuccess:function(request) 
{fadeOnDeleteAndDesignateLatestStatus('status_955614807');},

parameters:'authenticity_token=' +
encodeURIComponent('71cb22029f0ac55cb50a202da674a5a3587c2d79')}); };
return false;\ title=\Delete this update?\img alt=\Delete\
border=\0\ src=\https:\/\/assets2.twitter.com\/images\/ 
icon_trash.gif\

\/\/a\n  \n  \/div\n\n  \t\t\n\n  \t\/td\n
\/tr\n,status_count:160}


--
Ed Finkler
http://funkatron.com
AIM: funka7ron
ICQ: 3922133
Skype: funka7ron