Why your feedback board can't be embedded in an iframe

Until early 2024, it was possible to embed your Feature Upvote board into an HTML iframe .

Unfortunately, changes to browser privacy rules have made it impossible for our boards to reliably work in an iframe.

Therefore we no longer support HTML iframes for embedding your board.

Why don't we support iframes?

In brief: because browsers are increasingly blocking cookies from working inside an iframe, when the iframe contains content from a server other than your site's own server. And that stops Feature Upvote from working in an iframe.

Here's the long, detailed technical explanation:

For Feature Upvote (or indeed, most web apps) to work properly, we need to use the browser feature called ”cookies”. Yes, these are the same cookies that many websites prompt you to allow.

Cookies allow us to:

  • implement sign-in functionality,
  • remember what activity you've performed on your board in the current session,
  • remember what activity you've performed between sessions,
  • implement certain security measures, such as protection from "cross-side request forgeries"

So, we need to use cookies.

Now, when you embed your board (which is hosted on our server) in your app, the cookies we send are "third-party cookies". Your app is the first-party; our server is the third-party.

Third-party cookies increasingly are blocked by browsers

Third-party cookies have become widely abused by privacy-invading companies seeking to track you from site to site.

To help in the fight to maintain your privacy online, browsers are starting to ban third-party cookies.

At the time of writing:

  • Safari blocks third-party cookies altogether.
  • Chrome blocks third-party cookies when inincognito mode.
  • Chrome is planning to block all third-party cookies later this year.
  • In preparation for this, Chrome is already blocking third-party cookies for 1% of normal users

Alternative to using an iframe

We've created a Javascript snippet that embeds a basic version of your board inside your own web app. Read more.