I can’t replicate this and I use chrome. The email field is always there no matter how much I resize. What I do know though is that the email field will disappear if you don’t pass the “si” (sponsor id?) parameter in the url.
UPDATE:
I compared the iframe and non-iframe requests in Fiddler and I think I found the reason why it’s not showing, but I’m pretty sure it’s on your-surveys’s end, because the feature in chrome that messes this up was added in version 51, which was like 2 years ago.
The ys router link will redirect you to ys.com/routing, but also sets the “[SIZE=2]p[/SIZE]oints2shop” cookie. The omission of this cookie results in the ys server including a css snippet that hides the login box.
If you inspect the set-cookie header, you can see the “SameSite” attribute set to Lax at the very end.
The SameSite cookie feature thingy is a measure to prevent CSRF, and ys has it set to Lax, which is the most lax setting, but it’s still too strict for iframes.
There are two possible values for the same-site attribute:
In the strict mode, the cookie is withheld with any cross-site usage. Even when the user follows a link to another website the cookie is not sent.
In lax mode, some cross-site usage is allowed. Specifically if the request is a GET request and the request is top-level. Top-level means that the URL in the address bar changes because of this navigation. This is not the case for iframes, images or XMLHttpRequests.
As a result, the “[SIZE=2]p[/SIZE]oints2shop” cookie is not set in Chrome. Firefox added support for the samesite cookie in version 60, which is the current main release, so the same behavior should be expected in FF as well soon.
[SIZE=“4”]TL;DR[/SIZE]
It’s because of the “SameSite” attribute being set on the “[SIZE=2]p[/SIZE]oints2shop” cookie. Iframe requests aren’t classified as top-level, so the cookie isn’t set when ys is loaded in an iframe, and the login box therefore remains hidden.
SameSite has been implemented in Chrome for a while, so your-surveys is most likely at fault here. The solution would be for them to omit the SameSite attribute entirely from the “[SIZE=2]p[/SIZE]oints2shop” cookie.
[SIZE=“7”]TL;DR of TL;DR[/SIZE]
[SIZE=“5”]IT’S ALL YS’s FAULT!!!1![/SIZE]