We're seeing a consistent HTTP 500 from https://www.figma.com/embed?embed_host=share&url=... when the viewer's browser is logged into Figma. Same embed URL, same file:
- Logged out → works
- Logged in → 500
Repro is just: open a prototype embed iframe while logged in to Figma on the affected account. The 500 happens during what looks (from devtools) like an internal refreshOnReadyForEmbed reload triggered by the auth-aware code path.
Reproducible across Chrome, Firefox, and Safari. Setting iframe.credentialless = true (Chrome only) avoids it by stripping cookies, but breaks Figma's password-protected file form, so it isn't a viable general fix.
Could someone from Figma confirm and/or give an ETA on a fix? Happy to share file IDs and HAR captures privately.
Thanks.
Note: we can reproduce reliably on some accounts but not others. We initially suspected it was specific to full-seat (paid) accounts, but we haven't fully confirmed that — login state is the only consistent differentiator we've isolated so far.
