Skip to main content

Notifications

Community site session details

Community site session details

Session Id : hoBVeNYxPG33ubMiKgl7BQ
Power Pages - General Discussions
Answered

Embed Power Page as an Iframe on an external website - Site Settings and HTTP/Content-Security-Policy

Like (0) ShareShare
ReportReport
Posted on 24 Aug 2022 03:44:24 by 88

Hi All, I have created a Power Pages Website https://myorg-cars.powerappsportals.com

and I want to embed it's homepage as an iframe into a separate External Website https://www.externalwebsite.com.au   (both ficticious names for this post)

 

How can I do this ? I have found this documentation but cannot get it to work.  

Embed a portal in another website by using an iframe - Power Apps | Microsoft Docs

I receive a 'You are not authorized to access this page' message on the external website where the iframe is.

 

PurdyeS_0-1661311972462.png

 

I'm using a new Power Pages site so I believe I dont have to worry about SameSite mode changes

Any help would be appreciated

 

Categories:
  • Christian Leverenz Profile Picture
    1,214 on 23 Oct 2023 at 14:52:38
    Re: Embed Power Page as an Iframe on an external website - Site Settings and HTTP/Content-Security-Policy

    Hi @prao14 ,

    as @PurdyeS pointed out, you can use that sitesetting for the csp settings. If it doesn't exist, just create it. The name is the name, select the right website and enter as value whatever suits your needs.

    The site settings are not always completely present as some of the have meaningful defaults 🙂

     

    The X-Frame options are a little bit outdated and not used anymore by the major browsers as far as i know.

     

    Hope it helps,

      Christian

  • prao14 Profile Picture
    4 on 23 Oct 2023 at 11:59:31
    Re: Embed Power Page as an Iframe on an external website - Site Settings and HTTP/Content-Security-Policy

    Thanks @PurdyeS 
    I could only see X-Frames options- is this something that needs an upgrading or is there a way to go ahead with X-Frame? - Image below.

    Thanks again !

    prao14_0-1698062332336.png

     

  • PurdyeS Profile Picture
    88 on 20 Oct 2023 at 01:10:35
    Re: Embed Power Page as an Iframe on an external website - Site Settings and HTTP/Content-Security-Policy

    Hi @prao14 

    To allow your powerpage to be embedded in another website you need to have the "HTTP/Content-Security-Policy" Site Setting as shown above in your PowerApps Portal Management.  Also the website you want to embed your powerpage in needs to allow an Iframe, so you might need to talk to that site's website administrator

     

    The mozilla documentation explains about the default-src attribute  Content Security Policy (CSP) - HTTP | MDN (mozilla.org)

  • prao14 Profile Picture
    4 on 19 Oct 2023 at 13:02:13
    Re: Embed Power Page as an Iframe on an external website - Site Settings and HTTP/Content-Security-Policy

    Hi @PurdyeS , @chleverenz ,
    I am new to Power Pages, I am trying to acheive the same - Can you please help me with a step wise process to get this ?

     

    Thanks in advance ! 🙂

  • PurdyeS Profile Picture
    88 on 24 Aug 2022 at 23:03:13
    Re: Embed Power Page as an Iframe on an external website - Site Settings and HTTP/Content-Security-Policy

    Thank you very much I think you are right.   As a test I ended up embedding one powerpages site in another powerpages site in a different environment and got it working using settings as above.  However if I switch to the other site it doesnt work, so I think the issue is on the external website side.  

  • Verified answer
    Christian Leverenz Profile Picture
    1,214 on 24 Aug 2022 at 13:40:12
    Re: Embed Power Page as an Iframe on an external website - Site Settings and HTTP/Content-Security-Policy

    Hi @PurdyeS ,

    usually, you also have to configure the embedding site for allowing an iframe to be filled from another site. 

    So, its not only the embedded site allowing itself to be embedded, its also the embedding site allowing to embed. Usually, this is set via the default-src attribute as far as i remember. The mozilla documentation usally explains it very well: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

    Hope this points in the right direction,

      Christian

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Understanding Microsoft Agents - Introductory Session

Confused about how agents work across the Microsoft ecosystem? Register today!

Warren Belz – Community Spotlight

We are honored to recognize Warren Belz as our May 2025 Community…

Congratulations to the April Top 10 Community Stars!

Thanks for all your good work in the Community!

Leaderboard

#1
WarrenBelz Profile Picture

WarrenBelz 146,745 Most Valuable Professional

#2
RandyHayes Profile Picture

RandyHayes 76,287 Super User 2024 Season 1

#3
Pstork1 Profile Picture

Pstork1 66,091 Most Valuable Professional

Leaderboard
Loading started