web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / IFRAME support in Canv...
Power Apps
Unanswered

IFRAME support in Canvas or Model-driven apps

(0) ShareShare
ReportReport
Posted on by iwaldman 159

Hi,

 

We are a CPQ ISV and have developed a number of PCF components that are distributed with our managed solution. One PCF component contains an IFRAME with the source URL pointing to our service running in Azure i.e. 3rd party content. 

 

Browsers vendors are evolving to a more restrictive security policy e.g. X-Frame-Options: SAMEORIGIN the prevents clickjacking attacks and and CSFR cookie configuration SameSite=Lax that prevents CSRF.

 

I have a general question: Are there any plans to deprecate, obsolete or perhaps improve IFRAME support in Canvas or Model-driven apps? Any feedback / guidance is appreciated.

Categories:
Power Apps Pro Dev & ISV
I have the same question (0)
  • Hemant Gaur Profile Picture
    Hemant Gaur Microsoft Employee on at

    Hi @iwaldman , 

    Can you please initiate an email with me on this and share some more details on the issues/potential problems you are seeing with your solution ?  I am not aware of any deprecation plans for iFrames on canvas or model apps.

    I have reached out to engineering too for review and recommendation on this and will update the thread if I have any new information to share. 

     

    Thanks,

    Hemant 

  • iwaldman Profile Picture
    iwaldman 159 on at

    Hi @HemantG, Thanks for the timely response. I will initiate an email shortly. 

  • iwaldman Profile Picture
    iwaldman 159 on at

    Providing a little more context to my question:

     

    WebKit and Chrome are implementing user privacy features to thwart "tracking cookies" and other means of following a user across the Internet without their consent. 

     

    As a part of that effort, those browsers plan to disable third-party cookies entirely by 2022. 

     

    This is not a concern for application UIs that live at the top of the document window, but should be a major concern for any UI that has been typically embedded using an IFRAME in another site (such as a customer's on-premise system, or another cloud service like Dynamics 365 or Salesforce). 

     

    Without cookies (and this includes LocalStorage) embedded SSO will be difficult.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Users!

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the April Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
Vish WR Profile Picture

Vish WR 1,027

#2
Valantis Profile Picture

Valantis 644

#3
11manish Profile Picture

11manish 626

Last 30 days Overall leaderboard

Featured topics

Auto-Populate field Power Pages
Gallery Tabs - Show or Hide Tabs based on Field Value
How to patch multiple records at once
Enable Copilot for end users in model-driven apps
Question for everyone : How are you using Create Text GPT in AI Builder?
Community content - sample components, blogs etc. - Link to this page (http://aka.ms/PCFdemos)
Welcome to the Power Apps forum!

Product updates

Microsoft Power Platform Community release plans