Frames would like to preserve state between stateless requests and pass application-defined data to Frame servers. Some Frames have already implemented this pattern by serializing application state in URL query parameters, but they are limited by the current 256-byte length restriction on frame URLs.


Add a new fc:frame:state value and tag. Frame servers may set this value and apps must sign and include it in the Frame Signature Packet.

<meta property="fc:frame:state" content="{\\"counter\\":1,\\"idempotency_key\\":\\"431b8b38-eb4d-455b-b497-5f4ffb4cf061\\"}" />

Apps must not deserialize state values and must include the raw value in the Frame Signature Packet as arbitrary bytes. If a Frame server response does not include a state value, apps must set it to empty bytes.

Frame servers are responsible for interpreting state values and may use whatever serialization format they wish. Since initial frame values are cached, Frame servers MUST NOT include state in their initial response. Frame servers should take appropriate security precautions when deserializing and validating state.

Message Changes

Extend FrameActionBody with an optional state value that may be up to 4kb. (The maximum size of a browser cookie).

message FrameActionBody {
  bytes state = 4; // (optional) State value sent by sever