cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
psimun
New Member

Control Content Security Policy in PowerApps application

Hi community,

 

do you know any means how to control Content Security Policy (CSP) within PowerApps? I am facing sudden change in behaviour where my script gets blocked. I would like to append the domain the script is communicating with into the list of allowed CSPs. Is it possible to configure somehow?

 

Thank you.

5 REPLIES 5

Please clarify what kind of script and what kind of power app (canvas app, model driven app, or portal)

VeeraVaishnavi
Advocate I
Advocate I

Hi, 

 

We are facing a similar issue.

 

We have embed canvas app in model driven app.

Embed the model drivel app into portal.

When portal is launched, the canas app embed in model driven app is blocked due to content security policy.

 

Below is the error details.

Failed to load resource: the server responded with a status of 502 ()

  1. Content Security Policy of your site blocks some resources
    1. Some resources are blocked because their origin is not listed in your site's Content Security Policy (CSP). Your site's CSP is allowlist-based, so resources must be listed in the allowlist in order to be accessed.

      A site's Content Security Policy is set either as via an HTTP header (recommended), or via a meta HTML tag.

      To fix this issue do one of the following:

      • (Recommended) If you're using an allowlist for 'script-src', consider switching from an allowlist CSP to a strict CSP, because strict CSPs are more robust against XSS . See how to set a strict CSP .
      • Or carefully check that all of the blocked resources are trustworthy; if they are, include their sources in the CSP of your site. ⚠️Never add a source you don't trust to your site's CSP. If you don't trust the source, consider hosting resources on your own site instead.
    2. AFFECTED RESOURCES
      1. 1 directive
        1. ResourceStatusDirectiveSource Location
          https://apps.powerapps.com/blockedframe-ancestors 
      • Learn more: Content Security Policy - Source Allowlists

Kindly guide and provide inputs on how to solve this .

 

Thanks!

dev-angular
New Member

Hi I am also facing the same issue, using the new powerbi-client-angular package released by Microsoft.

 

Embeded report in an Angular app then. 

 

The problem seems to be coming from the report side.

 

Did you have any solution for that?

 

Thank you,

VeeraVaishnavi
Advocate I
Advocate I

Hi,

 

In my scenario, MS had informed that the canvas app embed in the model driven app works only if its within the CRM and it is blocked when launched via portal.

 

Since this is not achievable as per Microsoft security policy, we dropped this idea and looked for other options.

 

Kindly raise ticket with MS and look for solutions. Thanks!

annazurawska
Frequent Visitor

Hi,

 

i'm trying to display Share Point site (internal office 365 SP site) with an iframe in model driven app. I'm facing similar issue, it says that CSP block the resource. Did any of you find some solution of how to make it work?Capture.JPG

 

I tried to display it as Html Web resource but it does not look well.Capture2.JPG

Thank you in advance for the response.

Warm Regards,

Anna

 

Helpful resources

Announcements
Microsoft 365 Conference – December 6-8, 2022

Microsoft 365 Conference – December 6-8, 2022

Join us in Las Vegas to experience community, incredible learning opportunities, and connections that will help grow skills, know-how, and more.

Power Apps Ideas

Check out the New Ideas Site

We are excited to announce a new way to share your ideas for Power Apps!

Top Solution Authors
Top Kudoed Authors
Users online (3,875)