Twitter embed->get returns null on production

[Krystus]

On localhost everything is ok... but in production embed returns null from Twitter.

class EmbedsController extends Controller
{
    public function getEmbedData(Request $request) {
        $embed = new Embed();

        $embed->setSettings([
            'facebook:token' => env('FACEBOOK_TOKEN'),
            'instagram:token' => env('INSTAGRAM_TOKEN'),
            'twitter:token' => env('TWITTER_TOKEN'),
        ]);

        $embedResponse = $embed->get($request->get('url'));

        $embedData = collect([
            'provider' => $embedResponse->providerName,
            'embed' => $embedResponse->code
        ]);

        \Log::warning($embedData->toJson());

        return $embedData->toJson();
    }
}

localhost:
[2023-05-29 13:43:14] local.WARNING: {"provider":"Twitter","embed":{"html":"<blockquote class=\"twitter-tweet\"><p lang=\"en\" dir=\"ltr\">\u2694\ufe0f Slaying demons has never been more approachable<br><br>\ud83d\udd25 Sanctuary now has over 50 accessibility features in <a href=\"https:\/\/twitter.com\/hashtag\/DiabloIV?src=hash&amp;ref_src=twsrc%5Etfw\">#DiabloIV<\/a> <br><br>\ud83d\udd17 <a href=\"https:\/\/t.co\/UY9z8bxpbX\">https:\/\/t.co\/UY9z8bxpbX<\/a> <a href=\"https:\/\/t.co\/4HVGgGnJkB\">pic.twitter.com\/4HVGgGnJkB<\/a><\/p>&mdash; Blizzard Entertainment (@Blizzard_Ent) <a href=\"https:\/\/twitter.com\/Blizzard_Ent\/status\/1661446975613554693?ref_src=twsrc%5Etfw\">May 24, 2023<\/a><\/blockquote> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>","width":550,"height":null,"ratio":null}}

production:
[2023-05-29 13:42:46] production.WARNING: {"provider":"Twitter","embed":null}

[oscarotero]

I suspect this is something at Twitter side, that blocks some request from specific IPs.

In the online demo, it doesn't work (https://oscarotero.com/embed/demo/index.php?url=https%3A%2F%2Ftwitter.com%2FBlizzard_Ent%2Fstatus%2F1661446975613554693&settings=)

But if you download the oembed JSON directly from the browser, it has data
https://publish.twitter.com/oembed?url=https%3A%2F%2Ftwitter.com%2FBlizzard_Ent%2Fstatus%2F1661446975613554693&format=json

 

[RiverVanRain]

@oscarotero @Krystus It's not about IPs blocking but Twitter's side issue.

There're many topics on Twitter community in last days:
https://twittercommunity.com/t/issue-with-twitter-oembed-api-when-accessed-from-digitalocean-droplets/194215
https://twittercommunity.com/t/wordpress-fails-to-embed-tweets/194433
https://twittercommunity.com/t/twitter-embed-not-working-via-wordpress-and-embedpress/195253

[oscarotero]

IPs from Digital Oceans and Hetzner servers are blocked by some APIs because they are often used for scrapping and other "bad" things.

[RiverVanRain]

I don't agree with this because it's the same on Amazon, OVH hostings.
The Cloudflare proxy is also affected.
Anyway, Twitter hasn't responded yet.

[mpratt]

Hi Y'all!

There seems to be a solution, it might be worth checking it out.
Please let us know if it works for anyone.

Given the ip address ranges described here: https://developer.twitter.com/en/blog/product-news/2022/updated-source-ip-address-range
You need to allow all TCP connections from those IP ranges.

Here is the Blog post from the person that found the fix:
https://300m.com/security/twitter-oembed-broken-on-digitalocean/