Saturday, April 11, 2009 - Posts

overdoing the security without an escape: "This content cannot be displayed in a frame"; tumblr.com video handling ?

i like tumblr.com for its ease of rich media posting & viewing.  but since upgrading ("up"? really?) to ie8, a lot of the videos greet me with:

[image: ie8's "clickjacking" defense]

talk about ruining the experience.

apparently, this is a new "feature" in ie8.  it has introduced the X-Frame-Options header that sites can choose to deliver.  supposedly this is to help protect me from internet bogeymen.  there's a lot of this sort of thing in the new release.  is this really what everyone wants when they bitched about ie not being as secure as other browsers ?  this appears to be unique to ie8 at this time.  what crap.  more on its origin.

unlike some other obstruction security features, there doesn't appear to be any way to turn off this behavior, as far as i can tell.

i suppose i could design my own proxy to strip these things before the browser gets them.  waste of time.

another way of looking at this is that some of the website publishers are unnecessarily using that header.  i mean, what's the threat in displaying a video ?  basically this thing has been co-opted as an annoyance-factor based type of content protection.  but only for ie8 ?  or are they just trying to piss off microsoft users in the ongoing tech religion wars ? 

odd, too, that this thing is fairly new - and so many uses already ?  or is this protection being triggered by something unintended ?  as in - is there a bug ?  here goes, firing up fiddler...

ok, first thing i notice is that this only affects tumblr's dashboard view.  apparently they aren't using frames for the actual tumble-blogs & posts.  huh.  nor are all videos framed.  looks like tumblr is trying to do something here - the framed videos come from "safe.tumblr.com". [1]

sure enough, the X-Frame-Options: deny header is there.  clearly, something is going on here that i don't understand.  what is tumblr doing with those videos, and why ? [2]
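
The decision a browser honoring X-Frame-Options makes for the header seen above, as an added example that is not part of the original post or of any browser's code. It models only the DENY and SAMEORIGIN values and compares against the top-level page only; the dashboard host and the video URL are assumed placeholders.

```javascript
// Header names are case-insensitive; return the trimmed, upper-cased value.
function getFrameOption(headers) {
  for (const [name, value] of Object.entries(headers)) {
    if (name.toLowerCase() === 'x-frame-options') {
      return String(value).trim().toUpperCase();
    }
  }
  return null;
}

// Decide whether the response for `framedUrl` may render in a frame on `topUrl`.
function frameDecision(headers, framedUrl, topUrl) {
  const option = getFrameOption(headers);
  if (option === null) {
    return { allowed: true, reason: 'no X-Frame-Options header' };
  }
  if (option === 'DENY') {
    return { allowed: false, reason: 'DENY: never render in any frame' };
  }
  if (option === 'SAMEORIGIN') {
    // Origin = scheme + host + port, so sibling subdomains do not match.
    const same = new URL(framedUrl).origin === new URL(topUrl).origin;
    return {
      allowed: same,
      reason: same ? 'SAMEORIGIN: origins match' : 'SAMEORIGIN: origins differ',
    };
  }
  // This sketch treats an unrecognized value as having no effect.
  return { allowed: true, reason: `unrecognized value ${option}` };
}

// Constructed sample: the header value is the one observed in the post;
// both URLs are placeholders and the dashboard host is an assumption.
const DASHBOARD = 'http://www.tumblr.com/dashboard';
const VIDEO = 'http://safe.tumblr.com/video-placeholder';

function demo() {
  return [
    frameDecision({ 'X-Frame-Options': 'deny' }, VIDEO, DASHBOARD),
    frameDecision({ 'x-frame-options': 'SAMEORIGIN' }, VIDEO, DASHBOARD),
    frameDecision({ 'X-Frame-Options': 'sameorigin' }, VIDEO, 'http://safe.tumblr.com/'),
    frameDecision({ 'Content-Type': 'text/html' }, VIDEO, DASHBOARD),
  ];
}

for (const d of demo()) console.log(d.allowed ? 'render' : 'blocked', '-', d.reason);
```

With these assumed hosts, neither DENY nor SAMEORIGIN lets the frame render, because the framed host and the framing host are different origins.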

not much in the mood for more in-depth research at this point, just wanted to air a rant.


[1] btw, nice ascii art in the tumblr html source:

<!--
    
        .                                  .o8       oooo               
      .o8                                 "888       `888               
    .o888oo oooo  oooo  ooo. .oo.  .oo.    888oooo.   888  oooo d8b     
      888   `888  `888  `888P"Y88bP"Y88b   d88' `88b  888  `888""8P     
      888    888   888   888   888   888   888   888  888   888         
      888 .  888   888   888   888   888   888   888  888   888     .o. 
      "888"  `V88V"V8P' o888o o888o o888o  `Y8bod8P' o888o d888b    Y8P
 
-->

[2] and why is wlw using "font" tags when i mess with the toolbar ?  i guess that's correct, although "span" is more common now in later wysiwyg editors.

Posted by fractalnavel at 4:52 PM | with no comments