A Hacker News vote button

This button is great, but the button server at hnbutton.appspot.com (which queries the search API) is frequently over its quota, which means the button doesn't appear / work a lot of the time.<p>It's easy to set up your own (free) button server though. Here's how: <a href="https://bountify.co/blog/host-your-own-hacker-news-button-server" rel="nofollow">https://bountify.co/blog/host-your-own-hacker-news-button-se...</a>

I have a question ... why can't a Hacker News button be done entirely in Javascript? If only HN would incorporate CORS file. Even if it doesn't, there could be a way to approximate it by checking if you are logged into HN, and if you are, doing a cross-domain POST via a form.<p>"But how do you know if you're logged into HN?" Ah, that's the hack.<p>for example: <a href="https://hacks.mozilla.org/2011/02/an-interesting-way-to-determine-if-you-are-logged-into-social-web-sites/" rel="nofollow">https://hacks.mozilla.org/2011/02/an-interesting-way-to-dete...</a><p>more in depth: <a href="http://stackoverflow.com/questions/5233560/possible-to-find-out-whether-a-user-is-logged-into-facebook-over-javascript-api" rel="nofollow">http://stackoverflow.com/questions/5233560/possible-to-find-...</a><p>The question -- for all the hackers here -- is, what resource can we request via Javascript on HN that will return a different status code (200 or another one) depending on login state?<p>For example, maybe posting a blank password to "change password" form will return a non-success status code when you aren't logged in, and be an innocuous post (since it results in an error).<p>Of course, the trouble with these techniques is that the site can disable them at any time.

Looks beautiful but any problems with the votes being discounted? Will it still work in future or is it an exploit that would get closed?

Doesn't the vote get penalized if you vote directly, instead of searching the topic on the web page?

How can we do custom styles on it? Right now it's not aligned with other share buttons.<p>Screenshot: <a href="http://g2f.nl/0c4ajy1.png" rel="nofollow">http://g2f.nl/0c4ajy1.png</a><p>Edit: You can style ".hn-share-iframe". Then the next issue: it's much wider than it needs to be when the story has already been submitted (see the screenshot, there's a lot of blank space on the right). Is there any other solution besides just positioning it on the right of the share buttons list?

So how does this work? Does hnbutton.appspot.com do some clever proxying, or something? Or does HN just have a very easily exploitable XSRF vulnerability?

I may be missing something, but I don't understand the point of the step 2 in the README: why not just say to add the &#60;script&#62; tag directly?

is there a demo somewhere? I tried to do something similar but the ycombinator.com domain returns the "X-Frame-Options:deny" header which makes iframing impossible. Also in order to vote by simple GETting a url you have to include a CSRF token as a URL parameter.

Upvote for shanky!

Great stuff. I'm gonna incorporate this on my upcoming blog. Thanks!<p>On a side note. Could someone at YC fix the up vote arrows here? It's really hard to hit these tiny arrows without hitting everything around before, really messy. BTW, a larger textfield wouldn't hurt either.<p>PS: Sorry for stealing your topic, I just felt the need to say these things which I think don't bother only me. ;)