IT Issues Notes

First, we need to understand the exact problem and when it started.

Yes, Google Drive offers 16GB even for free accounts, making it a popular service for traffic distribution and file sharing. Many people use it to upload videos or image files and then serve them through download links on their websites. Most of the time, these files were displayed via HTML links as images or URLs.
However, since early January 2024, images have started showing broken links and 403 errors, with video and audio files also being blocked.

What format are the blocked links currently in?

The links that have been officially provided by Google Drive and are now causing 403 errors are in the following format.

https://drive.google.com/uc?id=[FILE ID]&export=download

What exactly does a 403 error mean?

Conceptually, a 403 error is an HTTP status code indicating that the server is refusing access to the client for security reasons. This means you cannot access the desired page or image elements.There are usually two reasons for this: the user does not have permission to view the page, or the page or elements are blocked for security reasons. In this Google Drive issue, it's the latter.

Google Drive users must be quite vocal about this. How are they reacting, and is this a problem unique to Google?

Many forums are discussing this issue, with numerous users hoping Google will resolve it. However, the root cause of this issue isn't Google Drive itself but rather the 'third-party cookie blocking' security policies of browsers.

We'll address the 'third-party cookie blocking issue' later, but realistically, a solution is needed for web service providers and users facing inconveniences. The sudden policy change is causing confusion and inconvenience in the 'user experience'. Is this user experience ranked below security? And did Google provide adequate notice or warnings about this change?

Firstly, I'll defer the question about the priority of user experience versus security to another participant. Google Drive did announce changes to the 'third-party cookie requirements' on October 16, 2023, with a message instructing users to adapt their usage by January 2, 2024. Here is the link and summary of the announcement.


Upcoming changes to third-party cookie requirements in Google Drive


"Google Chrome and other browsers have started phasing out third-party cookies to enhance user privacy. Starting from January 2, 2024, Drive will provide downloads without requiring third-party cookies when included on third-party websites. This is separate from downloading files directly from Drive. If you have workflows or apps that depend on Drive's download URL, you should transition to Drive and Document publishing flows by January 2, 2024."

So, are there any alternatives or methods suggested by Google Drive for displaying images, videos, and music files stored on Google Drive in HTML5?

Yes, they have recommended embedding the content using the iframe method. The controversy largely centers around this iframe approach. While it’s understandable that Google, which operates the Chrome browser, aligns with Safari, Edge, and Firefox in enhancing security through third-party cookie policies, suggesting iframes as an alternative seems somewhat contradictory.

As is typical for IntelliPia, let’s clarify the concept and common sense surrounding iframes.

An iframe (Inline Frame) is an HTML tag used to embed another webpage within a webpage, and it was very popular at one time. Even now, it is useful for implementing a page within a page, allowing for flexible content management by linking independent pages within an iframe.

From a security standpoint, iframes can be useful, but these advantages are guaranteed only when used within the same domain. The ability to easily integrate content from different sources and add another site's page to your own was once a highlight, but many websites now block methods that involve bringing in third-party domain content via iframes.

In summary, when discussing security, iframes can be more sensitive than blocking third-party cookies. The fact that Google’s proposed alternative is an iframe method can cause controversy, as it doesn't clearly address the underlying issues of policy and change.

What is the format of the iframe method provided by Google, and how are users reacting to it?

Google's iframe alternative essentially displays a block containing the external link, without registering cookies. Clicking on it redirects to Google Drive. You can view and download images, videos, and music from the display page provided by Google Drive.

Naturally, users are largely frustrated with this solution. The provided format is cumbersome, and forcing users to access Google Drive display pages via links is inconvenient. More importantly, internally connected Google Drive is considered a third-party domain. Websites that block third-party domain iframes won't be able to use this linking method. However, site developers can set exceptions. Since the iframe method isn’t a third-party cookie approach, as long as Google Drive doesn't introduce any security anomalies through the iframe, browsers can consider it safe.

Here is the iframe method proposed by Google.