Skip to main content

IFrames, Layered Security, And Following

A little over two years ago, I wrote about Following, and an odd detail.
I clicked on the users picture. Where is the button to Block the user?
People, even when logged in to Blogger, as an administrator of their own blog, were being treated as a Guest, when using Following on that blog.

I attributed that oddity to the fact that Following was served inside an iframe, which made the Blogger login cookie irrelevant to Following, since Following is served from a separate domain. The navbar, another fascinating artifact of Blogger life, is another iframe hosted feature - but it is served from "blogger.com", the main Blogger domain.

Recently, I discovered that this was no longer the case.

Right now, if you login to Blogger, and are able to successfully load your blog as an administrator, you should find yourself also logged in to Following, using your Blogger account. If you examine the code in the default Blogger gadget, you'll find an iframe - - but it's a bit more subtle than earlier. And if you use a custom Followers gadget, you may not use an iframe, at all.

There were several odd details, when Following was hosted inside the iframe, earlier.
  • As noted, you would have to login specifically to Following.
  • You could login using a different account, to Following, without affecting your Blogger session.
  • The search engines would not pick up on links inside Following - making it less useful for spammers who wanted only to pimp their blogs to the search engines.
  • The choice of many different accounts, to use when Following a blog, made for even more interesting scenarios.
  • Layered security, in your browser or on your computer, ignored Following.
  • Content served inside an iframe is not as interesting to many security programs, as content served without an iframe.

Some of the above scenarios are now different. One detail is not good.
  • You do not have to login to Following - just login using your Blogger account, to Blogger.
  • If you're logged in to Blogger, you'll use your Blogger account as your Following account. This should make for a more stable Following experience.
  • If your browser, or computer, filters using Unix level security
    Deny by default, Permit by exception.
    you will have to enable "googleusercontent.com", and / or the domain used by the blog itself, if you wish to see the Followers gadget, on most blogs.

The latter detail is one of the causes of some of the recent disruptions, reported passionately in Blogger Help Forum: Something Is Broken.
I cannot see my Followers, though others can!
Unfortunately, when advised to check their script filters, not every blog owner or reader is willing to do this. Some vehemently object to modifying their computer, period.
When a user makes an adjustment to something and their Followers return, that's great for them - but why should I have to do this? This is a problem for Blogger to fix!

One of the most commonly used Unix level filter is Firefox, with AdBlock or NoScript. By default, NoScript blocks all scripts from all untrusted domain - and by default, every domain is untrusted. When you setup a clean and new Firefox upgrade, you'll find every domain open to you. Install NoScript, and you'll find just the opposite.

Long ago, I enabled "googleusercontent.com", which generally solves my needs. Every so often, with a different blog that I visit in Firefox, I may once again discover the same thing - no Followers gadget. I find the NoScript icon in my Firefox tooltray, popup the options menu, select "Temporarily allow xxxxxxx.blogspot.com", wait for Firefox to refresh the display, and there it is - Followers - for that blog. The next blog, the same possibility.

People with AdBlock, another hugely popular Firefox accessory, will likely find the same thing. If you visit the Mozilla Extensions page, you'll see AdBlock Plus and NoScript, in the #1 and #2 places in the popularity list, right now.
767,781 weekly downloads
611,921 weekly downloads
Internet Explorer has a different domain sensitive trust structure, built in - no add-on installation period. And with Unix level security in Internet Explorer Version 8 - and more so in Version 9 - comes more people unknowingly using
Deny by default, Permit by exception.

It doesn't take much imagination to see Firefox and Internet Explorer users as being a major source of the complaint
I cannot see my Followers, though others can!
Unfortunately, this is yet one more detail that, like the current problem with commenting and cookie filtering, really is the responsibility of each computer owner.

>> Top

Comments

RENO - レノ said…
your problems with what I experienced, every so often mine follower gadget does not show up. I also dont understand where the fault is less, what is the google itself or from another.
sorry if my english bad..
regard.
Chuck said…
Reno,

With you living in SE Asia (Indonesia), and you reporting your problem as "every so often", makes me think of another problem, somewhat separate from what's discussed above.

If you can post in Blogger Help Forum: Something Is Broken, I'll look forward to discussing the problem with you, in detail, there.

http://blogging.nitecruzr.net/2009/01/mtu-setting-problem-why-is-it-so.html
Oh golly all this is mind boggling I have just left a question in the forum about this old question and become a follower here to try and help as I am aware it is my problem. I am not technical and cannot get my head around why today the followers are showing in one blog but not the other. :(

Popular posts from this blog

Custom Domain Migration - Managing The Traffic

Your blog depends upon traffic for its success.

Anything that affects the traffic to your blog, such as any change in the URL, affects the success of your blog. Publishing the blog to a custom domain, like renaming the blog, will affect traffic to your blog. The effects of the change will vary from blog to blog, because of the different traffic to every different blog.Followers. People who find your blog because of recommendations by other people.Search engines. Robotic processes which methodically surf your blog, and provide dynamic indexing to people who search for information.Subscribers. People who read your content from their newsfeed reader, such as the dashboard Reading List.Viewers. People who read your content from their browser.No two blogs are the same - and no two blogs will have the same combinations of traffic sources.

Stats Components Are Significant, In Their Own Context

One popular Stats related accessory, which displays pageview information to the public, is the "Popular Posts" gadget.

Popular Posts identifies from 1 to 10 of the most popular posts in the blog, by comparing Stats pageview counts. Optional parts of the display of each post are a snippet of text, and an ever popular thumbnail photo.

Like many Stats features, blog owners have found imaginative uses for "Popular Posts" - and overlook the limitations of the gadget. Both the dynamic nature of Stats, and the timing of the various pageview count recalculations, create confusion, when Popular Posts is examined.