Power Apps portals: SameSite mode and its use when hosting your portal in an iframe

By Sandeep Dhanrajani

Starting with portals version 9.3.6.x, portal makers have settings available to specify SameSite, which is an attribute of the Set-Cookie HTTP response header and allows makers to declare if their cookies should be restricted to a first-party or same-site context.

The SameSite mode changes were announced earlier in our "Important changes are coming in Power Apps portals" topic.

| Site Setting Name | Scope | Possible values |
|---|---|---|
| HTTP/SameSite/Default | Global, for all cookies. | None, Lax, Strict |
| HTTP/SameSite/{CookieName} | Specific cookie. | None, Lax, Strict |

We have also published a step-by-step article on how to iframe your portal in another website; it shows the SameSite mode settings that are needed for that scenario. You can read the article here.

Important: As noted in the announcement, starting October 2021 all newly provisioned portals will have Strict as the Default value instead of None. This impacts functionality in scenarios such as iframing your portal in another website.
We recommend that you review this setting for your portal in case it has functionality that requires SameSite to be set to a value other than Strict, and use the site settings to adjust the value accordingly.
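
To review which cookies survive when the portal is framed by another site, the following added example (not code from the original article or from Power Apps portals) audits Set-Cookie response headers after HTTP/SameSite/Default or HTTP/SameSite/{CookieName} has been changed. The header values and cookie names are constructed samples, and the browser behaviour assumed is that of Chromium-based browsers.

```javascript
// Constructed sample Set-Cookie values; the cookie names are hypothetical.
const SAMPLE_HEADERS = [
  "portal_session=abc123; Path=/; Secure; HttpOnly; SameSite=Strict",
  "portal_auth=def456; Path=/; Secure; HttpOnly; SameSite=None",
  "portal_pref=dark; Path=/; SameSite=None",
  "portal_lang=en-US; Path=/; Secure",
];

// Parse one Set-Cookie header value into the attributes that matter here.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: eq < 0 ? pair : pair.slice(0, eq), sameSite: null, secure: false };
  for (const attr of attrs) {
    const [key, value = ""] = attr.split("=").map((s) => s.trim());
    if (key.toLowerCase() === "secure") cookie.secure = true;
    if (key.toLowerCase() === "samesite") cookie.sameSite = value.toLowerCase();
  }
  return cookie;
}

// Decide whether the browser attaches the cookie to requests made from a
// cross-site iframe, and record the reason either way.
function auditCookie(header) {
  const c = parseSetCookie(header);
  let sent = false;
  let reason;
  if (c.sameSite === "none" && c.secure) {
    sent = true;
    reason = "SameSite=None together with Secure";
  } else if (c.sameSite === "none") {
    reason = "SameSite=None without Secure is rejected by Chromium-based browsers";
  } else if (c.sameSite === "lax" || c.sameSite === "strict") {
    reason = `SameSite=${c.sameSite} is not sent from a cross-site frame`;
  } else {
    reason = "missing or unrecognized SameSite; treated as Lax by Chromium-based browsers";
  }
  return { name: c.name, sent, reason };
}

function auditForIframe(headers) {
  return headers.map(auditCookie);
}

for (const r of auditForIframe(SAMPLE_HEADERS)) {
  console.log(`${r.sent ? "sent    " : "withheld"} ${r.name}: ${r.reason}`);
}
```

Only cookies the framed pages actually depend on need the per-cookie setting; the rest can stay at the Strict default.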