[wp-trac] [WordPress Trac] #26844: Twitter oembeds not working because of Twitter API change

WordPress Trac noreply at wordpress.org
Wed Jan 15 21:08:07 UTC 2014


#26844: Twitter oembeds not working because of Twitter API change
--------------------------+--------------------
 Reporter:  yurivictor    |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  3.9
Component:  Embeds        |     Version:  trunk
 Severity:  normal        |  Resolution:
 Keywords:  needs-patch   |
--------------------------+--------------------

Comment (by gcorne):

 Replying to [comment:3 nacin]:
 > So — while
 > http://api.twitter.com/1/statuses/oembed.json?id=423546680999301121
 > redirects in a browser, yurivictor pointed out that `curl --head` gets a
 > 403. Why? Would be good to investigate and report that back to Twitter. If
 > they can fix that, then all existing WordPress installs (that support
 > OpenSSL) should follow this redirect without an issue.


 So thanks to [http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
 strict-transport-security], browsers are not actually redirecting. Instead
 the browser is using the https protocol even if the user enters http:// in
 the location bar.

 Here are the headers from an https request that show the
 {{{ strict-transport-security: max-age=631138519 }}} header being sent:


 {{{
 $ curl -v 'https://api.twitter.com/1/statuses/oembed.json?id=423546680999301121' \
   -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' \
   -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36' \
   -b 'guest_id=v1%3A138981846426213327'
 * Adding handle: conn: 0x7f9763004000
 * Adding handle: send: 0
 * Adding handle: recv: 0
 * Curl_addHandleToPipeline: length: 1
 * - Conn 0 (0x7f9763004000) send_pipe: 1, recv_pipe: 0
 * About to connect() to api.twitter.com port 443 (#0)
 *   Trying 199.16.156.40...
 * Connected to api.twitter.com (199.16.156.40) port 443 (#0)
 * TLS 1.2 connection using TLS_ECDHE_RSA_WITH_RC4_128_SHA
 * Server certificate: api.twitter.com
 * Server certificate: VeriSign Class 3 Secure Server CA - G3
 * Server certificate: VeriSign Class 3 Public Primary Certification Authority - G5
 > GET /1/statuses/oembed.json?id=423546680999301121 HTTP/1.1
 > Host: api.twitter.com
 > Cookie: guest_id=v1%3A138981846426213327
 > Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
 > User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
 >
 < HTTP/1.1 200 OK
 < cache-control: must-revalidate, max-age=3153600000
 < content-length: 794
 < content-type: application/json;charset=utf-8
 < date: Wed, 15 Jan 2014 21:04:43 GMT
 < expires: Fri, 22 Dec 2113 21:04:43 GMT
 < last-modified: Wed, 15 Jan 2014 21:04:43 GMT
 * Server tfe is not blacklisted
 < server: tfe
 < strict-transport-security: max-age=631138519
 < x-content-type-options: nosniff
 < x-frame-options: SAMEORIGIN
 < x-transaction: 9e09e54fb5666417
 < x-xss-protection: 1; mode=block
 }}}

--
Ticket URL: <https://core.trac.wordpress.org/ticket/26844#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

