2009/3/26 Adam N <arocki...@gmail.com>:
>
> The problem is that we're already getting tens of thousands of
> requests a day through this thing and if we use the API, that
> increases our compute/bandwidth/development overhead tremendously.
>
> In addition, and just as importantly, is there a demo template to take
> the API data and template it so it looks just like the actual Twitter
> page (including the profile_image, etc...)?
>
> As for the curl comment, you're right.  My point was that it's not
> like the iframe exploit that Twitter prevents shows the twitter.com
> host either.
>
> http://shiflett.org/blog/2009/feb/twitter-dont-click-exploit

I can't think of a single legitimate reason why you'd want to
duplicate the Twitter website that would add any great value to the
user. At least not any more than implementing your own design instead.

Also, if you're hitting the API limit the best course of action is to
talk to Twitter rather than trying to find ways to get around it. Work
with them or it won't work at all.

-Stuart

-- 
http://stut.net/projects/twitter/

> On Mar 26, 12:00 pm, Cameron Kaiser <spec...@floodgap.com> wrote:
>> > I'd like to do the relatively simple task of embedding any given
>> > person's Twitter page on my page, with extra content (person's name,
>> > links to other sites, etc...) on the top of the page.
>>
>> > The typical way to do this, which works with every other site, is just
>> > to use an iframe.  However, since the clickjacking exploits a few
>> > months ago, that option has been quashed by Twitter.
>>
>> > Does anybody have a solution to this issue?  Here are some solutions
>> > so far:
>>
>> > 1. Use a non-Twitter site such as Tweetree.  This is the best option
>> > so far.
>> > 2. Use the RSS feed and make guesses about the styling.
>> > 3. Use curl to pass through the HTML from Twitter.
>>
>> > Ideally, Twitter would not hack around with iframes - forcing
>> > developers into these shenanigans (especially when option #3 is so
>> > much more powerful for clickjacking than iframes).  Barring that, is
>> > there any better solution than #1?
>>
>> Write your own script and query the API yourself (seriously). That's what
>> the API is for.
>>
>> Also, why would #3 be *better* for clickjacking than an <iframe>? By copying
>> and putting the HTML in your own document, the document is in *your* domain
>> context, not Twitter's.
>>
>> --
>> ------------------------------------ personal: http://www.cameronkaiser.com/ --
>>   Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com
>> -- People are weird. -- Law & Order SVU ---------------------------------------
>
