Power Apps portals: SameSite mode and its use when hosting your portal in an iframe

Headshot of article author Sandeep Dhanrajani

Starting with portals version 9.3.6.x, portal makers have settings available to specify SameSite, which is an attribute of the Set-Cookie HTTP response header and allows makers to declare if their cookies should be restricted to a first-party or same-site context.

SameSite mode changes were announced on our Important changes are coming in Power Apps portals topic earlier.

Site Setting NameScopePossible value
HTTP/SameSite/DefaultGlobal, for all cookies.None
Lax
Strict
HTTP/SameSite/{CookieName}Specific cookie.None
Lax
Strict

We have also published a step-by-step  article about how-to iframe your portal in another website and it exemplifies the SameSite mode settings that are needed for it. You can read the article here.

Important: As noted in the announcement, starting October 2021 all newly provisioned portals will have Strict as the Default value instead of None. This impacts functionality in scenarios like when you iframe  your portal in other website.
We recommended that you review this setting for your portal in case they have a functionality that requires SameSite to be set to any other value than Strict and use the site settings to adjust the value accordingly.

- Advertisement -

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisement -

Latest News

- Advertisement -

More Articles Like This

- Advertisement -