Hacker News new | past | comments | ask | show | jobs | submit login
A Hacker News vote button (github.com/igrigorik)
124 points by fnaticshank on Nov 25, 2012 | hide | past | favorite | 36 comments

This button is great, but the button server at hnbutton.appspot.com (which queries the search API) is frequently over its quota, which means the button doesn't appear / work a lot of the time.

It's easy to set up your own (free) button server though. Here's how: https://bountify.co/blog/host-your-own-hacker-news-button-se...

Fixed - plenty of quota now!

I honestly didn't realize how much traction it picked up over the past 6 months.. It was a (pleasant) surprise to login into my GAE console and realize that it was serving, on peak days, over 1M impressions.

Interestingly enough, the "exceeded quota" was not for CPU resources! Instead, it was all egress bandwidth. On busy days, it would reach the free 1GB egress limit sometime between 6-12PM, and hence the error. I've upgraded the app, and it should be good for terabytes a day. ;-)

P.S. I've also pushed an update to enable more aggressive HTTP caching on the assets.

So you turned on billing? ;-) Good to know it was getting so many impressions at the free tier, GAE is undervalued by the community me thinks.

Yep, flipped the billing bit. All I need is the extra bandwidth though.. The sole Go app instance is standing up like a champ!

Great link thanks for sharing that.

I have a question ... why can't a Hacker News button be done entirely in Javascript? If only HN would incorporate CORS file. Even if it doesn't, there could be a way to approximate it by checking if you are logged into HN, and if you are, doing a cross-domain POST via a form.

"But how do you know if you're logged into HN?" Ah, that's the hack.

for example: https://hacks.mozilla.org/2011/02/an-interesting-way-to-dete...

more in depth: http://stackoverflow.com/questions/5233560/possible-to-find-...

The question -- for all the hackers here -- is, what resource can we request via Javascript on HN that will return a different status code (200 or another one) depending on login state?

For example, maybe posting a blank password to "change password" form will return a non-success status code when you aren't logged in, and be an innocuous post (since it results in an error).

Of course, the trouble with these techniques is that the site can disable them at any time.

RE: status code depending on login state - You could curl the homepage and see if the logout link exists

true, but any way to determine it using only javascript in a browser?

Looks beautiful but any problems with the votes being discounted? Will it still work in future or is it an exploit that would get closed?

The instructions are for the async install, so even if the widget is broken or goes down (it shouldn't), your site rendering will not be blocked, or affected in any other way.

Doesn't the vote get penalized if you vote directly, instead of searching the topic on the web page?

How can we do custom styles on it? Right now it's not aligned with other share buttons.

Screenshot: http://g2f.nl/0c4ajy1.png

Edit: You can style ".hn-share-iframe". Then the next issue: it's much wider than it needs to be when the story has already been submitted (see the screenshot, there's a lot of blank space on the right). Is there any other solution besides just positioning it on the right of the share buttons list?

Unfortunately, not that I've found.. Twitter and G+ also reserve the space and run into the same problem. The root issue is the lack of automagic iframe resizing.. which is what "seamless" attribute will solve, once it arrives and is supported by the browsers.

Okay, thanks for the reply.

So how does this work? Does hnbutton.appspot.com do some clever proxying, or something? Or does HN just have a very easily exploitable XSRF vulnerability?

From what I can understand, looking at one site that uses the button[0], it just displays current votes and links you to the submission. It doesn't do any voting from the site like a reddit button would do.

[0] https://bountify.co/blog/host-your-own-hacker-news-button-se...

My answer to GP looks silly now. I see what he meant. The submission title should change to vote-counter button to avoid the confusion.

I also don't understand how it works. If you could up-vote just by following a link, you could easily gain a system. For example, you could submit a story that automatically up-votes itself when visited by logged-in user, without any button press (CSRF). I believe Facebook like button (and other similar gadgets) are iframes from Facebook. So Facebook controls how the button looks like and it is not possible to submit 'Like' requests from a third party domain.


EDIT: This is a submission from a while ago that does, in fact, upvote itself.

I may be missing something, but I don't understand the point of the step 2 in the README: why not just say to add the <script> tag directly?

Then any browser will try to load the script synchronously. This ensures asynchronous loading and if there is a problem with button server, it stays there.

Oh, okay. Thanks.

is there a demo somewhere? I tried to do something similar but the ycombinator.com domain returns the "X-Frame-Options:deny" header which makes iframing impossible. Also in order to vote by simple GETting a url you have to include a CSRF token as a URL parameter.

Check one of the bgr.com articles, they have it installed in the sidebar.

It doesn't seem to work. Check out any of the articles submitted to HN:


They all show "submit". I re-submitted one of the stories myself. Still shows "submit" as the HN button.

EDIT: Ok apparently it does work after I submitted a story through it (cold cache?) But it's still pretty meh, really just a glorified <a><img></a>

There is a bit of lag for the hnsearch API to pickup the latest vote count.

Upvote for shanky!

thankyou :D

Great stuff. I'm gonna incorporate this on my upcoming blog. Thanks!

On a side note. Could someone at YC fix the up vote arrows here? It's really hard to hit these tiny arrows without hitting everything around before, really messy. BTW, a larger textfield wouldn't hurt either.

PS: Sorry for stealing your topic, I just felt the need to say these things which I think don't bother only me. ;)

They don't only bother you, believe me. Most of us have simply given up asking for site changes. We hack the styles ourselves or simply deal with it.

Great tip, thanks for that. But I was referring to touch devices which make somewhat difficult to apply custom styles. So we shouldn't give up on our "demands" for better UX.

I agree, touch devices are the problem. I think there may be some apps out there for HN and the like, but a mobile-designed site would suit me better.

Warning, shameless plug incoming. I made a HN app for iPhone and iPad to solve some of the issues of the site. Mainly going back and forth from comments to article. Haven't gotten to a better voting yet, but I may in the future.


I have an app on my phone and a different one on my ipad. Checking to see if the one on my phone is yours- how can I tell?

I suspect it's not, as mine is universal. If you had mine on it, they'd both have the same icon. Also, you can go to the app store from the link above and if it says "Open" it means you have it on the device.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact