Errors when a user presses the Twitter Follow button


#1

We are getting several errors logged on the server, apparently being caused after a user presses the Twitter Follow button.

It claims this is the HTTP referrer: http://platform.twitter.com/widgets/follow_button.1346143399.html

It is generating URLs like the following: http://lol.askmrrobot.com/champion/varus-adcarry/bot",“widget”:true,“pid”:""}

This is getting flagged as a dangerous URL by our server because of the colon and stuff, and throwing an error (which is desired – we don’t allow URLs like this). It seems that the Twitter widget is tacking some JSON onto a URL back to our site and sending it as a GET request… very weird.


#2

Are you still experiencing this today? If so, can you share a URL where I can observe the behavior? Thanks!


#3

We got 2 more errors this morning. I’m not sure which button is doing it, but we have 2. One of them is a ‘jetpack’ integration with WordPress. You can find that button at the end of this post (right above the comments): http://www.reddit.com/r/leagueoflegends/comments/yy12z/damage_graphs_for_49_champions_more_coming_soon/

We have another button on our main website (http://www.askmrrobot.com). Click on the ‘community’ dropdown in the navigation. The follow button is in that menu.


#4

Hi,

We’re looking into this at the moment. Are you able to tell which browser user agent these misdirected requests are coming from? Trying to determine if it’s occurring in just a single browser, or a broader range.

Thanks,

Ben


#5

Yeah, it looks like all of the errors are on FF 14.0.1. Here are some more details:

URL is the URL on lol.askmrrobot.com that is being requested – looks like some JSON being placed without encoding into a GET request from our server.

All of the errors seem to be from Firefox 14.0.1… I wonder if there is a Twitter addon that some people have that is not working correctly?

Generated: Wed, 29 Aug 2012 13:43:50 GMT
HTTP_HOST lol.askmrrobot.com
HTTP_REFERER http://platform.twitter.com/widgets/follow_button.1346227337.html
HTTP_USER_AGENT Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1
URL /",“widget”:true,“pid”:“v3:1344810415851827422942709”}

Generated: Tue, 28 Aug 2012 20:42:43 GMT
HTTP_HOST lol.askmrrobot.com
HTTP_REFERER http://platform.twitter.com/widgets/follow_button.1346143399.html
HTTP_USER_AGENT Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1
URL /champion/varus-adcarry/bot",“widget”:true,“pid”:""}

Generated: Tue, 28 Aug 2012 19:13:28 GMT
HTTP_HOST lol.askmrrobot.com
HTTP_REFERER http://platform.twitter.com/widgets/follow_button.1346143399.html
HTTP_USER_AGENT Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1
URL /champion/kayle-adcarry/top",“widget”:true,“pid”:""}


#6

Any status updates on this?

I’m currently having this exact issue:
URL


HTTP_USER_AGENT
"Mozilla/5.0 (Windows NT 5.1; rv:15.0) Gecko/20100101 Firefox/15.0.1"
HTTP_REFERER
http://platform.twitter.com/widgets/tweet_button.1347008535.html


#7

Same here.
http://www.fdiclistings.com/PropertyView.aspx?id=14060","widget":true,"pid":""}

The URL is being malformed.
This: "%22,%22widget%22:true,%22pid%22:%22%22%7D"
Should be this: "&%22,%22widget%22:true,%22pid%22:%22%22%7D"
There needs to be an & added before that first %22. Any parameterized search is going to throw an error when it sees that.
It’s almost looking like a SQL injection hack when it’s not.


#8

I am getting error reports too. The latest was Firefox 16.0 on Windows on 2012-11-04 20:01:27 EST. The normal URL is:
https://www.baka.ca/order/selectfeatures/Additional-Airtime?rateplan_id=2168

The following was appended to the URL:
",“widget”:true,“pid”:""}

HTTP_REFERER: https://platform.twitter.com/widgets/follow_button.1351848862.html
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0


#9

Is there an update to this? Is it a coincidence that it appears to happen on Firefox?


#10

Hi everyone. Sorry for the quiet on this one. We made a change to part of our widget code a number of weeks ago and hoped it would resolve the issue, as we’ve never been able to reproduce it in isolation. Along with Frank and Christian above we had another report today so we’re looking again. I’m going to push out a patch shortly that should prevent it from happening.

We’ve narrowed the cause of the error to only occurring in Firefox, with some undetermined extension installed. We cannot reproduce the error with raw, extensionless versions of Firefox installed, which we think explains why there isn’t an overwhelming quantity of reports. On the other hand, there are enough reports that whatever extension is malfunctioning must have a reasonable install-base. I suspect it’s a pre-caching, or speed optimisation extension, because what’s happening is that it’s misidentifying your page’s (encoded) URL inside of another URL parameter inside of the widget, and proceeding to access it, with the remainder of the query string appended.

I worked my way through some of the more popular Firefox extensions matching this description this evening, but none enabled me to reproduce the error. We’ll put in a work-around regardless as best we can, but if anyone happens to have some insight into Firefox add-ins that might be a culprit, we’d love to test it more thoroughly.

Thanks everyone for your patience, and apologies for the delay.
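
An added example, not part of the thread or of Twitter's code: one way to triage error records in the format posted in #5, flagging requests whose URL ends in the appended widget parameters and recovering the path the visitor was actually on. The sample records, hosts and paths are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote, urlsplit

# Suffix seen in the reports: ","widget":true,"pid":"..."} (raw or %-encoded)
ARTIFACT = re.compile(r'","widget":(?:true|false),"pid":"[^"]*"\}$')
CURLY = str.maketrans({"\u201c": '"', "\u201d": '"'})  # forum-rendered quotes

def parse_records(text):
    """Split blank-line separated 'KEY value' error records into dicts."""
    records = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in chunk.splitlines():
            key, _, value = line.strip().partition(" ")
            rec[key.rstrip(":")] = value.strip()
        records.append(rec)
    return records

def classify(rec):
    """Return (label, path with the appended widget parameters removed)."""
    url = unquote(rec.get("URL", "")).translate(CURLY)
    match = ARTIFACT.search(url)
    if not match:
        return "unrelated", None
    ref = urlsplit(rec.get("HTTP_REFERER", ""))
    from_widget = ref.hostname == "platform.twitter.com" and ref.path.startswith("/widgets/")
    # Referer is client-supplied: triage label only; still reject the request.
    label = "widget-artifact" if from_widget else "suffix-other-referer"
    return label, url[:match.start()]

def triage(text):
    """Classify every record and keep the user agent for grouping."""
    return [classify(r) + (r.get("HTTP_USER_AGENT", ""),)
            for r in parse_records(text)]

# Constructed sample records (hosts and paths are placeholders).
SAMPLE = '''\
HTTP_REFERER http://platform.twitter.com/widgets/follow_button.html
HTTP_USER_AGENT Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1
URL /champion/sample/bot",“widget”:true,“pid”:""}

HTTP_REFERER: https://platform.twitter.com/widgets/tweet_button.html
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0
URL: /view.aspx?id=1%22,%22widget%22:true,%22pid%22:%22%22%7D

HTTP_REFERER http://example.test/index
HTTP_USER_AGENT ExampleBrowser/1.0
URL /items/a:b
'''
```

Grouping the `widget-artifact` rows by user agent separates this noise from requests that were rejected for other reasons.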


#11