There’s been a forum thread or two around and a few support tickets mentioning that the follow an author link no longer works if you try and put it in a button in your item description or profile.
The short version: we’ve had to disable the link due to certain authors abusing it.
The long version (if you can be bothered):
The way we’d initially built the following system with Ajax didn’t follow security best practices. Usually when setting up a system like that you only allow the code on the other end of the URL to only accept POST requests. When you don’t you’re left with a bad situation where other people can trick you into visiting the URL and the action would be performed against your will. This blog post can give you a good overview of GET vs POST if you’re interested.
Anyways, by the time we’d figured out that we’d deployed something I’d describe as “not ideal” (perhaps a bit generous) it’d started being used in author profiles and item descriptions in a nice way, and no one was taking advantage of the security hole, so we decided to sit back and watch.
Unfortunately, some people started to abuse the feature and set things up to trap users into following them, and so we’ve had to disable the accidental feature we had.
In the longer term we’re hoping to build a little follow widget code you can put into item descriptions, but for right now we’re stuck in a nasty spot where we’re short staffed and can’t build the cool new feature to make up for it, but can’t leave a security hole wide open either when people know about it. Sorry we had to turn this off, and a bigger sorry for not actually writing this notice sooner (instead of waiting for complaints to come in), and hopefully we can do something nice for you all soon to make up for it.
Request processing...