Y
Hacker News
new
|
ask
|
show
|
jobs
by
habosa
1691 days ago
So could Twitter make two requests, one as TwitterBot and one anonymously, and then add a warning if they don't go to the same place?
2 comments
pornel
1690 days ago
The attacker doesn't need to detect whether the TwitterBot is making a request. They can redirect every request to the spoofed site after posting the link, until the preview is generated.
link
zinekeller
1691 days ago
That's what Google does sometimes - but it's sometimes considered rude. Plus, anti-bot software may accidentally thwart Twitter's checking bot.
link