Applies to Product - Power Pages
What’s happening?
Customers are unable to block access to the OData metadata for unauthenticated users through Power Apps, which has been flagged as a security vulnerability.
Reason:
The OData feature has been deprecated, leading to issues with blocking access to metadata for unauthenticated users.
Resolution:
- Check the site setting Site/EnforceEntityPermissionsOData. If it is not set or set to false, try setting it to true to see if this helps mitigate this.
- It is recommended to transition away from using OData and instead utilize WebAPIs going forward.
