Booker Seems Unconcerned with Keeping its SaaS Software up to Date – The Ongoing iFrame Issue

From the beginning, we chose to display the Booker scheduling window within an iFrame on our site. We do this for a few important reasons. First, because it takes us a great deal of time to build trust with our customers, and while they still may not trust an outside link or website, they trust us and what we display on our site. Second, displaying the Booker scheduling window within an iFrame gives us a small amount of control over what Booker decides to serve up to our customers. I say a small amount, because our customers will never care about Booker’s home page branding and link that they code into our scheduling window, even though Booker does not allow a way for us to turn that off. (It’s worth mentioning here that many free services require an opt-in of that service’s branding, while most paid services allow users to turn this branding off. MailChimp, for example, allows paid account users to turn their branding off; Booker does not.)

On 1-27-20, I reported an issue to Booker where their scheduling login window was still showing up on my site, but my customers are unable to log in to that window. I was able to confirm this using several different customer accounts. The tech support rep initially implied that I must have changed something on my site and that I will need to research and test on my end. This kind of pushback has consistently been my experience with Booker: blame issues on their customers first.

After assuring the tech support rep that nothing had changed on my site, I also informed her that this was not the first time there was a Booker-caused issue regarding the use of iFrames. The last time for me was 4-30-16. Back in 2016, it took Booker several weeks to figure out what was going on. During that time, we had to find alternate ways for our customers to make appointments.

This time, I did much of my own testing and consulted with several friends who are software developers. I was sincerely thinking that I may be able to point the software technicians at Booker in the right direction to implement a quicker fix. Here is what I sent them:

“It appears that the x-frame option is using syntax that is no longer supported by modern browsers.”


Along with this information from Mozilla’s developer site:

allow-from uri (obsolete): This is an obsolete directive that no longer works in modern browsers. Don’t use it. In supporting legacy browsers, a page can only be displayed in a frame on the specified origin uri. Note that in the legacy Firefox implementation this still suffered from the same problem as sameorigin did — it doesn’t check the frame ancestors to see if they are in the same origin. The Content-Security-Policy HTTP header has a frame-ancestors directive which you can use instead. [Copied from: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options]

This was to let them know precisely what the problem was.
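
For readers who want to check their own embedded pages, here is an added example (not code from Booker or from the original exchange) that classifies a response's framing headers and produces the frame-ancestors directive the Mozilla text recommends in place of ALLOW-FROM. The function names, status strings and example.com origins are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

def xfo_to_frame_ancestors(xfo_value):
    """Map an X-Frame-Options value to the equivalent CSP directive, or None."""
    parts = xfo_value.strip().split(None, 1)
    keyword = parts[0].upper() if parts else ""
    if keyword == "DENY":
        return "frame-ancestors 'none'"
    if keyword == "SAMEORIGIN":
        return "frame-ancestors 'self'"
    if keyword == "ALLOW-FROM" and len(parts) == 2:
        uri = urlsplit(parts[1].strip())
        if uri.scheme in ("http", "https") and uri.netloc:
            # frame-ancestors is matched against the embedder's origin,
            # so any path in the ALLOW-FROM URI is dropped.
            return f"frame-ancestors {uri.scheme}://{uri.netloc}"
    return None  # unrecognised or malformed value

def audit_framing(headers):
    """Classify a response's framing headers; returns (status, suggestion)."""
    h = {name.lower(): value for name, value in headers.items()}
    csp = h.get("content-security-policy", "")
    for directive in (d.strip() for d in csp.split(";")):
        if directive.lower().split()[:1] == ["frame-ancestors"]:
            # The response already uses the modern header.
            return ("csp-frame-ancestors", directive)
    xfo = h.get("x-frame-options")
    if xfo is None:
        return ("no-framing-policy", None)
    suggestion = xfo_to_frame_ancestors(xfo)
    if suggestion is None:
        return ("invalid-x-frame-options", None)
    if xfo.strip().upper().startswith("ALLOW-FROM"):
        return ("obsolete-allow-from", suggestion)
    return ("legacy-x-frame-options", suggestion)

# Constructed sample responses; the example.com origins are placeholders.
SAMPLES = {
    "obsolete": {"X-Frame-Options": "ALLOW-FROM https://shop.example.com/booking"},
    "legacy": {"X-Frame-Options": "SAMEORIGIN"},
    "modern": {"Content-Security-Policy":
               "default-src 'self'; frame-ancestors https://shop.example.com"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(name, audit_framing(hdrs))
```

The headers to feed in can be copied from the browser's developer tools (Network tab) for the framed page.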

I received a response back the next day from someone who identified himself as a Technical Case Manager. This was his response:

When a defect is identified our product team prioritizes if and when it will be fixed based on the severity of the defect and the significance of the necessary code changes. This can result in some defects taking longer to be resolved than others or at times a defect not being fixed. We are unable to provide you with a date when you can expect a fix, but we will update this incident again once a solution has been sent out in one of our twice a month releases.

And my response to him after scratching my head for a day trying to make sense of it:

As always, I do appreciate the feedback. Nonetheless, it baffles me when a company like MindBody Booker essentially says, “we have limited interest in keeping our web code up to date and in step with modern browsers.”

It has currently been nearly two weeks since I reported this to Booker. I have received no further responses and no fix yet. I am still having to send my customers elsewhere for them to make their appointments, or we have to have staff make their appointments for them.

At this point, you may ask, “So what good is Booker if your customers cannot make their own appointments and now your company is paying staff to make those appointments instead?” What good is Booker, indeed!