We are a CPQ ISV and have developed a number of PCF components that are distributed with our managed solution. One PCF component contains an IFRAME with the source URL pointing to our service running in Azure i.e. 3rd party content.
Browsers vendors are evolving to a more restrictive security policy e.g. X-Frame-Options: SAMEORIGIN the prevents clickjacking attacks and and CSFR cookie configuration SameSite=Lax that prevents CSRF.
I have a general question: Are there any plans to deprecate, obsolete or perhaps improve IFRAME support in Canvas or Model-driven apps? Any feedback / guidance is appreciated.
Hi @iwaldman ,
Can you please initiate an email with me on this and share some more details on the issues/potential problems you are seeing with your solution ? I am not aware of any deprecation plans for iFrames on canvas or model apps.
I have reached out to engineering too for review and recommendation on this and will update the thread if I have any new information to share.
Providing a little more context to my question:
WebKit and Chrome are implementing user privacy features to thwart "tracking cookies" and other means of following a user across the Internet without their consent.
As a part of that effort, those browsers plan to disable third-party cookies entirely by 2022.
This is not a concern for application UIs that live at the top of the document window, but should be a major concern for any UI that has been typically embedded using an IFRAME in another site (such as a customer's on-premise system, or another cloud service like Dynamics 365 or Salesforce).
Without cookies (and this includes LocalStorage) embedded SSO will be difficult.
Check out new user group experience and if you are a leader please create your group
Check out how to claim yours today!
Test your skills now with the Cloud Skill Challenge.
We are excited to announce that Demo Extravaganza for 2021 has started!