Answered

Canvas App Iframe PCF Component Refused to Connect to SharePoint

Hello,
 
I have a Canvas app with an Iframe PCF component that I am looking to use to display the version history for selected SharePoint list items.
In the PowerApps studio, this works as expected with no issues, but once the app is published the Iframe shows domain.sharepoint.com refused to connect and the error given from the dev console is:
 
'Refused to frame 'https://domain.sharepoint.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.teams.microsoft.us local.teams.office.com teams.cloud.microsoft *.office365.com goals.cloud.microsoft *.powerapps.com *.powerbi.com *.yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft *.officeapps.live.com *.office.com *.microsoft365.com m365.cloud.microsoft *.cloud.microsoft *.stream.azure-test.net *.dynamics.com *.microsoft.com onedrive.live.com *.onedrive.live.com securebroker.sharepointonline.com".'
 
As *.powerapps.com is mentioned here and the app is connecting from apps.powerapps.com, I do not understand why this doesn't work. Is there any way to see the full path this takes or where this is falling down? This is O365 SharePoint, so the fixes I've seen online for changing CSP headers in IIS are not possible here, unfortunately. See screenshots for what shows in the studio vs. the published app.
 
Any help or guidance on this would be appreciated.
  • Verified answer
    Jon Unzueta (1,827, Super User 2025 Season 2)

    You're encountering a Content Security Policy (CSP) restriction that prevents your published PowerApps Canvas app from embedding SharePoint pages via an iframe. Here's a breakdown of what's happening and what you can do:


    🔍 Why It Works in Studio but Not When Published

    In PowerApps Studio, the app runs in a development context that may not enforce the full CSP headers. Once published, however, the app is subject to stricter CSP enforcement, especially the frame-ancestors directive, which controls which domains are allowed to embed content in an iframe.

    The error message:

    'Refused to frame 'https://domain.sharepoint.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors ..."

    means that SharePoint Online explicitly disallows being embedded in iframes from domains not listed in its CSP, even if *.powerapps.com is included.


    ⚠️ Key Limitation

    Even though *.powerapps.com is allowed in the CSP of PowerApps, SharePoint Online itself sets its own CSP headers that block embedding in iframes from PowerApps domains. This is a security measure by Microsoft to prevent clickjacking and unauthorized embedding.

     


    Possible Workarounds

    1. Use SharePoint REST API to Fetch Version History
      Instead of embedding the SharePoint UI, use Power Automate or a custom connector to call the SharePoint REST API and retrieve version history, then display it natively in your Canvas app.

    2. Open in a New Tab
      If embedding is not essential, provide a button that opens the SharePoint item version history in a new browser tab.

    3. Use PowerApps Model-Driven App or SPFx Web Part
      If you need richer integration, consider using a Model-Driven App or a SharePoint Framework (SPFx) web part, which can be embedded directly in SharePoint and have more control over CSP.

    4. Custom Proxy Service (Advanced)
      You could build a proxy service that fetches and renders the SharePoint content server-side, stripping CSP headers. However, this is complex and may violate Microsoft’s terms of service.

     

    If the response is helpful to you, please like it or mark it as the correct solution. Thank you so much!

  • Louis Joyce (23)
    @Jon Unzueta Thank you for the detailed response, I've set it up to open the Version History in a new tab for the time being whilst I do some further digging into getting the information needed via the REST API.
  • Jon Unzueta (1,827, Super User 2025 Season 2)
    @Louis Joyce I'm glad I could help you.
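
On the question of where the check falls down, an added example (not code from either poster or from Microsoft): `frame-ancestors` is evaluated against every ancestor of the framed page, not only the top-level one, so this sketch takes the directive from the quoted console error and reports which origin in a chain has no matching source. The function names, the simplified matcher and the `intermediate-frame.example` origin are assumptions made for illustration.

```javascript
// Directive copied from the console error quoted in the question.
const DIRECTIVE = "frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.teams.microsoft.us local.teams.office.com teams.cloud.microsoft *.office365.com goals.cloud.microsoft *.powerapps.com *.powerbi.com *.yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft *.officeapps.live.com *.office.com *.microsoft365.com m365.cloud.microsoft *.cloud.microsoft *.stream.azure-test.net *.dynamics.com *.microsoft.com onedrive.live.com *.onedrive.live.com securebroker.sharepointonline.com";

// Simplified CSP source matching (assumption: no paths, explicit ports compared literally).
function sourceMatches(source, ancestor, self) {
  if (source === "'self'") return ancestor.origin === self.origin;
  if (source === "*") return true;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return ancestor.protocol === source.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^\/:]+)(?::(\d+))?$/i.exec(source);
  if (!m) return false; // unsupported syntax
  // A source without a scheme is matched against the framed page's own scheme.
  const scheme = (m[1] || self.protocol.slice(0, -1)).toLowerCase();
  if (ancestor.protocol !== scheme + ":") return false;
  if (m[3] ? ancestor.port !== m[3] : ancestor.port !== "") return false;
  const pattern = m[2].toLowerCase(); // "'none'" lands here and never equals a hostname
  return pattern.startsWith("*.")
    ? ancestor.hostname.endsWith(pattern.slice(1)) // "*.a.com" covers subdomains, not a.com
    : ancestor.hostname === pattern;
}

// One result per ancestor, nearest parent first (the order location.ancestorOrigins uses).
function checkFrameAncestors(directive, framedUrl, ancestorOrigins) {
  const [name, ...sources] = directive.trim().split(/\s+/);
  if (name.toLowerCase() !== "frame-ancestors") throw new Error("not a frame-ancestors directive");
  const self = new URL(framedUrl);
  return ancestorOrigins.map((origin) => {
    // Opaque ("null") origins are treated as no match here (simplification).
    if (origin === "null") return { origin, allowed: false, matchedBy: null };
    const ancestor = new URL(origin);
    const matchedBy = sources.find((s) => sourceMatches(s, ancestor, self)) || null;
    return { origin, allowed: matchedBy !== null, matchedBy };
  });
}

// Framing is permitted only when every ancestor matched some source.
const framingAllowed = (results) => results.every((r) => r.allowed);

// Constructed chains. "https://intermediate-frame.example" is a placeholder for a
// nested host frame, not a real Power Apps origin.
const directChain = ["https://apps.powerapps.com"];
const nestedChain = ["https://intermediate-frame.example", "https://apps.powerapps.com"];
```

To get the real chain, switch the DevTools console to the frame that contains the iframe element and pass `[location.origin, ...location.ancestorOrigins]`, in browsers that implement `ancestorOrigins`.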
