Feature Request: Configurable CSP / Third‑Party Modal Booking Support (FareHarbor Lightframe)

Summary
We are requesting support for configurable CSP allowlisting (specifically frame-src) or a sanctioned mechanism to support third‑party modal iframe overlays (e.g., FareHarbor Lightframe) within Base44 apps.


Background & Use Case

We are building a customer‑facing booking experience on Base44 using FareHarbor as our booking engine. FareHarbor provides an officially supported Lightframe modal checkout designed to keep users on the host site while completing reservations.

Our goal is to offer a low‑friction, inline booking flow that:

  • Keeps users visually and contextually within our site

  • Avoids full‑page redirects that reduce conversion

  • Matches platforms commonly used by tour, rental, and booking businesses

This is a core part of our UX and conversion strategy, not a cosmetic enhancement.


What We’ve Already Done

  • Implemented FareHarbor using their official embed and Lightframe documentation

  • Verified that the implementation works correctly on platforms that allow iframe modal overlays

  • Investigated all configuration options available within Base44

  • Engaged with Base44 Technical Support to explore:

    • CSP allowlisting

    • App‑level iframe permissions

    • Enterprise or beta options

Support confirmed that:

  • CSP headers (e.g., frame-src) are not currently configurable

  • There is no per‑app or per‑domain allowlisting

  • This limitation appears platform‑level rather than an intentional permanent design

  • Inline modal checkout is not currently supported and not on a known near‑term roadmap


Current Limitation

Because Base44 does not currently allow third‑party iframe modal overlays:

  • FareHarbor Lightframe cannot load due to CSP restrictions

  • We are limited to full‑page embeds or redirects in a dedicated booking page

  • This negatively impacts UX, particularly on mobile

  • It places Base44 at a disadvantage for booking‑centric businesses compared to other site builders


Requested Enhancement

We are not requesting unrestricted iframe access, but rather one of the following controlled options:

  1. App‑level CSP configuration

    • Allow developers to explicitly allowlist trusted domains under frame-src

    • Per‑app or per‑page scope, not global

  2. Sanctioned third‑party modal support

    • A supported pattern or API for approved providers (e.g., FareHarbor, Calendly, Stripe Checkout overlays)

    • Clear security constraints defined by Base44

  3. Documented extensibility path

    • Even if not immediately supported, clarity around whether this is a supported future direction would help with architectural planning


Why This Matters

For businesses that depend on bookings (tours, rentals, appointments), inline modal checkout is a revenue‑critical feature, not just a UX preference. Supporting this use case would:

  • Improve conversion rates for Base44 customers

  • Make Base44 more competitive with other modern site builders

  • Enable more advanced, real‑world app integrations without compromising security


Closing

We appreciate the transparency from the Base44 support team and understand the current constraint. That said, we believe this is an important capability for a platform targeting modern app‑based marketing and booking flows, and we hope it can be considered for future development.

We’re happy to provide:

  • Technical details of the FareHarbor implementation

  • Sample CSP rules

  • Real‑world conversion impact data if helpful

Thank you for considering this request.

Status: In Review

Board: Feature Request

Date: 4 days ago

Author: brigham vargha
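
One way the per‑app `frame-src` allowlisting requested above could be kept tightly scoped, as an added example that is not part of the original post and is not Base44 or FareHarbor code. The baseline policy, the function names and the `https://fareharbor.com` origin are assumptions made for illustration.

```javascript
// Hypothetical per-app frame-src allowlist (illustration only, not a Base44 API).
// Constructed baseline; the platform's real policy is not shown on the page.
const BASELINE_CSP = {
  "default-src": ["'self'"],
  "frame-src": ["'self'"],
};

// Accept only an exact https origin: no wildcards, ports, credentials or paths.
function normalizeFrameOrigin(entry) {
  if (typeof entry !== "string") throw new Error("origin must be a string");
  if (entry.includes("*")) throw new Error(`wildcards are not allowed: ${entry}`);
  let url;
  try {
    url = new URL(entry);
  } catch {
    throw new Error(`not a valid origin: ${entry}`);
  }
  if (url.protocol !== "https:") throw new Error(`https required: ${entry}`);
  if (url.username || url.password || url.port) {
    throw new Error(`credentials and ports are not allowed: ${entry}`);
  }
  if (url.pathname !== "/" || url.search || url.hash) {
    throw new Error(`origin only, no path or query: ${entry}`);
  }
  return url.origin; // scheme and host, lower-cased by the URL parser
}

// Build the header value for one app. Only frame-src is widened; every other
// directive stays at the platform baseline, so the scope is per app, not global.
function buildAppCsp(appFrameOrigins, baseline = BASELINE_CSP) {
  const extra = [...new Set(appFrameOrigins.map(normalizeFrameOrigin))];
  const policy = {
    ...baseline,
    "frame-src": [...baseline["frame-src"], ...extra],
  };
  return Object.entries(policy)
    .map(([directive, sources]) => `${directive} ${sources.join(" ")}`)
    .join("; ");
}

// Constructed sample: a booking app that allowlists one provider origin.
console.log(buildAppCsp(["https://fareharbor.com"]));
```
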
