Hi Zazie,

On Tue, May 31, 2011 at 1:43 PM, Zazie Lavender <zazielaven...@gmail.com> wrote:
> This is great, but I worry that this might easily be abused. The code
> for a follow button seems written in a way that allows the user to
> redress the link however they please. I see the main intent url as
> being easily extracted for no-js users; but this means someone could
> take that URL, redress it as a link someone would WANT to click on and
> fool people into clicking such a button to boost their own follower
> counts.


We have anti-CSRF protection to prevent the follow endpoint being used
outside of the button.  We also have malware detection in place so we
can quickly shut down abusive sites.

Thanks,

-- 
Dan Webb
Technical Lead, Twitter For Websites
d...@twitter.com / @danwrong

-- 
Twitter developer documentation and resources: https://dev.twitter.com/doc
API updates via Twitter: https://twitter.com/twitterapi
Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
https://groups.google.com/forum/#!forum/twitter-development-talk
