Tuesday, June 07, 2011

IFrames, Layered Security, And Following

A little over two years ago, I wrote about Following, and an odd detail.
I clicked on the users picture. Where is the button to Block the user?
People, even when logged in to Blogger, as an administrator of their own blog, were being treated as a Guest, when using Following on that blog.

I attributed that oddity to the fact that Following was served inside an iframe, which made the Blogger login cookie irrelevant to Following, since Following is served from a separate domain. The navbar, another fascinating artifact of Blogger life, is another iframe hosted feature - but it is served from "blogger.com", the main Blogger domain.

Recently, I discovered that this was no longer the case.

Right now, if you login to Blogger, and are able to successfully load your blog as an administrator, you should find yourself also logged in to Following, using your Blogger account. If you examine the code in the default Blogger gadget, you'll find an iframe - - but it's a bit more subtle than earlier. And if you use a custom Followers gadget, you may not use an iframe, at all.

There were several odd details, when Following was hosted inside the iframe, earlier.
  • As noted, you would have to login specifically to Following.
  • You could login using a different account, to Following, without affecting your Blogger session.
  • The search engines would not pick up on links inside Following - making it less useful for spammers who wanted only to pimp their blogs to the search engines.
  • The choice of many different accounts, to use when Following a blog, made for even more interesting scenarios.
  • Layered security, in your browser or on your computer, ignored Following.
  • Content served inside an iframe is not as interesting to many security programs, as content served without an iframe.

Some of the above scenarios are now different. One detail is not good.
  • You do not have to login to Following - just login using your Blogger account, to Blogger.
  • If you're logged in to Blogger, you'll use your Blogger account as your Following account. This should make for a more stable Following experience.
  • If your browser, or computer, filters using Unix level security
    Deny by default, Permit by exception.
    you will have to enable "googleusercontent.com", and / or the domain used by the blog itself, if you wish to see the Followers gadget, on most blogs.

The latter detail is one of the causes of some of the recent disruptions, reported passionately in Blogger Help Forum: Something Is Broken.
I cannot see my Followers, though others can!
Unfortunately, when advised to check their script filters, not every blog owner or reader is willing to do this. Some vehemently object to modifying their computer, period.
When a user makes an adjustment to something and their Followers return, that's great for them - but why should I have to do this? This is a problem for Blogger to fix!

One of the most commonly used Unix level filter is Firefox, with AdBlock or NoScript. By default, NoScript blocks all scripts from all untrusted domain - and by default, every domain is untrusted. When you setup a clean and new Firefox upgrade, you'll find every domain open to you. Install NoScript, and you'll find just the opposite.

Long ago, I enabled "googleusercontent.com", which generally solves my needs. Every so often, with a different blog that I visit in Firefox, I may once again discover the same thing - no Followers gadget. I find the NoScript icon in my Firefox tooltray, popup the options menu, select "Temporarily allow xxxxxxx.blogspot.com", wait for Firefox to refresh the display, and there it is - Followers - for that blog. The next blog, the same possibility.

People with AdBlock, another hugely popular Firefox accessory, will likely find the same thing. If you visit the Mozilla Extensions page, you'll see AdBlock Plus and NoScript, in the #1 and #2 places in the popularity list, right now.
767,781 weekly downloads
611,921 weekly downloads
Internet Explorer has a different domain sensitive trust structure, built in - no add-on installation period. And with Unix level security in Internet Explorer Version 8 - and more so in Version 9 - comes more people unknowingly using
Deny by default, Permit by exception.

It doesn't take much imagination to see Firefox and Internet Explorer users as being a major source of the complaint
I cannot see my Followers, though others can!
Unfortunately, this is yet one more detail that, like the current problem with commenting and cookie filtering, really is the responsibility of each computer owner.

>> Top

3 comments:

RENO - レノ said...

your problems with what I experienced, every so often mine follower gadget does not show up. I also dont understand where the fault is less, what is the google itself or from another.
sorry if my english bad..
regard.

Chuck said...

Reno,

With you living in SE Asia (Indonesia), and you reporting your problem as "every so often", makes me think of another problem, somewhat separate from what's discussed above.

If you can post in Blogger Help Forum: Something Is Broken, I'll look forward to discussing the problem with you, in detail, there.

http://blogging.nitecruzr.net/2009/01/mtu-setting-problem-why-is-it-so.html

LindyLouMac in Italy said...

Oh golly all this is mind boggling I have just left a question in the forum about this old question and become a follower here to try and help as I am aware it is my problem. I am not technical and cannot get my head around why today the followers are showing in one blog but not the other. :(