Embedded timeline instant unfollow

followbutton
embeddedtimeline

#1

I noticed that if I click the follow button in an embedded timeline widget that another window opens with the option to follow or unfollow. This extra window step is unnecessary. If the follow button is clicked in the embedded timeline and we are following the user then it should just unfollow, not open another window to do this. Is there a way to avoid embedded timeline from opening up another window and just directly performing the action instead.

The other thing that I have noticed is that there is no way that the developer can check if the user has followed or unfollowed the person since the action takes place is within the popup iframe. Events such as

twttr.events.bind(
		  'click',
		  function (event) {
		  if (!event) return;
		  var label = event.region;
		  console.log('twitter_web_intents '+ event.type+" "+ label);
		}
		);

Are only produced on clicking the follow button and its not possible to get info on the result of the follow or unfollow

Cheers

Dave


#2

Hi Dave,

I can answer both parts of that question.

For the pop-up windows: Opening a window on Twitter.com (or our app) is necessary to complete actions because the widgets are not authenticated. We don’t require sites to register with us or authenticate to put Twitter in your page, but it means we can’t just perform an action inline. If we use an iframe from Twitter’s own domain (with a logged in session), then we open up our users to the vector of clickjacking attacks: If a follow button acted invisibly, it could be hidden in a page ({ opacity: 0; }), layered over the top of some other piece of UI (“Click Here to Claim Your Prize!”), and users would be tricked into following users they didn’t even see.

The pop-ups put users into a simple, minified Twitter context to complete the action without totally taking over the screen. It’s a simple compromise that keeps users secure and keeps the implementation of the widgets really simple for developers.

For the events, we had to make a change recently where all we can trigger for you is the type of interaction intended, not the result. This is because across large parts of the modern web platform, and the way in which some operating systems now integrate native apps alongside web content, we can’t reliably communicate messages from our Intents (or apps) back to host pages. We wrote about it in detail here: Announced change to Web Intent Events

Hope that helps,

Ben


#3

Thanks for your extensive reply. In the end I had to remove the header and use php, not ideal because of the get api limits. What’s actually more of a pain for me is that not all rest methods act on a list of users, so to unfollow 10 people requires 10 get api calls. Also it’s not possible to see which followers belong to which lists without making many api calls, it would be nice if list membership was included in the show users api call.

Cheers

Dsve


#4