New Member

Control Content Security Policy in PowerApps application

Hi community,


Do you know of any means to control Content Security Policy (CSP) within PowerApps? I am facing a sudden change in behaviour where my script gets blocked. I would like to append the domain the script is communicating with to the list of allowed CSPs. Is it possible to configure this somehow?


Thank you.


Please clarify what kind of script and what kind of power app (canvas app, model-driven app, or portal).

Advocate I



We are facing a similar issue.


We have embedded a canvas app in a model-driven app.

We embedded the model-driven app into the portal.

When the portal is launched, the canvas app embedded in the model-driven app is blocked due to Content Security Policy.


Below are the error details.

Failed to load resource: the server responded with a status of 502 ()

  1. Content Security Policy of your site blocks some resources

     Some resources are blocked because their origin is not listed in your site's Content Security Policy (CSP). Your site's CSP is allowlist-based, so resources must be listed in the allowlist in order to be accessed.

     A site's Content Security Policy is set either as via an HTTP header (recommended), or via a meta HTML tag.

     To fix this issue do one of the following:

     • (Recommended) If you're using an allowlist for 'script-src', consider switching from an allowlist CSP to a strict CSP, because strict CSPs are more robust against XSS. See how to set a strict CSP.
     • Or carefully check that all of the blocked resources are trustworthy; if they are, include their sources in the CSP of your site. ⚠️Never add a source you don't trust to your site's CSP. If you don't trust the source, consider hosting resources on your own site instead.

     1 directive
     Resource | Status | Directive | Source Location

     Learn more: Content Security Policy - Source Allowlists

Kindly guide and provide inputs on how to solve this.
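The allowlist behaviour described in the browser message quoted above, as an added example that is not part of the original thread and is not Power Apps or browser code: a simplified check of which directive governs a resource and whether its origin is on the allowlist. The function names, the sample policy and all domains are assumptions constructed for illustration.

```javascript
// Added example: simplified CSP allowlist check for fetch directives.
// Handles 'self', *, scheme-sources and host-sources; nonces, hashes and
// sources carrying a port or path are treated as non-matching.
const FALLBACK = {
  'frame-src': ['child-src', 'default-src'],
  'script-src-elem': ['script-src', 'default-src'],
}; // assumed default-src fallback otherwise (script-src, connect-src, img-src, style-src)

// Constructed sample policy; all domains are placeholders.
const SAMPLE_CSP = "default-src 'self'; script-src 'self' https://cdn.example.com; " +
  "frame-src https://*.apps.example.net";

function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !policy.has(key)) policy.set(key, sources); // first occurrence wins
  }
  return policy;
}

function sourceMatches(source, url, selfOrigin) {
  const src = source.toLowerCase();
  if (src === "'self'") return url.origin === selfOrigin;
  if (src === '*') return url.protocol === 'http:' || url.protocol === 'https:';
  if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return url.protocol === src; // e.g. https:
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)$/.exec(src);
  if (!m) return false; // 'none', other keywords, nonce, hash, port or path
  const [, scheme, wildcard, host] = m;
  // Simplification: a scheme-less host-source is treated as https-only here.
  if (url.protocol !== (scheme || 'https') + ':' || url.port !== '') return false;
  // *.example.net matches subdomains only, never the bare domain itself.
  return wildcard ? url.hostname.endsWith('.' + host) : url.hostname === host;
}

// Returns { allowed, directive }: the verdict and the directive that decided it.
function checkCsp(header, directive, resourceUrl, selfOrigin) {
  const policy = parseCsp(header);
  const chain = [directive, ...(FALLBACK[directive] || ['default-src'])];
  const used = chain.find((d) => policy.has(d));
  if (!used) return { allowed: true, directive: null }; // nothing governs this fetch
  const url = new URL(resourceUrl);
  const allowed = policy.get(used).some((s) => sourceMatches(s, url, selfOrigin));
  return { allowed, directive: used };
}
```

The `directive` field in the result corresponds to the "Directive" column of the DevTools issue, which is the first thing to read when deciding which allowlist a blocked origin would have to appear in.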



New Member

Hi, I am also facing the same issue, using the new powerbi-client-angular package released by Microsoft.


Embedded report in an Angular app then.


The problem seems to be coming from the report side.


Did you have any solution for that?


Thank you,

Advocate I



In my scenario, MS informed us that the canvas app embedded in the model-driven app works only if it's within the CRM, and it is blocked when launched via the portal.


Since this is not achievable as per Microsoft security policy, we dropped this idea and looked for other options.


Kindly raise a ticket with MS and look for solutions. Thanks!

Not applicable



I'm trying to display a SharePoint site (internal Office 365 SP site) with an iframe in a model-driven app. I'm facing a similar issue; it says that CSP blocks the resource. Did any of you find a solution for how to make it work?


I tried to display it as an HTML web resource but it does not look good.

Thank you in advance for the response.

Warm Regards,


