• 1 min read

Power Apps portals: SameSite mode and its use when hosting your portal in an iframe


Starting with portals version 9.3.6.x, portal makers have settings available to specify SameSite, which is an attribute of the Set-Cookie HTTP response header and allows makers to declare if their cookies should be restricted to a first-party or same-site context.

SameSite mode changes were announced on our Important changes are coming in Power Apps portals topic earlier.

Site Setting Name Scope Possible value
HTTP/SameSite/Default Global, for all cookies. None
Lax
Strict
HTTP/SameSite/{CookieName} Specific cookie. None
Lax
Strict

We have also published a step-by-step  article about how-to iframe your portal in another website and it exemplifies the SameSite mode settings that are needed for it. You can read the article here.
Important: As noted in the announcement, starting October 2021 all newly provisioned portals will have Strict as the Default value instead of None. This impacts functionality in scenarios like when you iframe  your portal in other website.
We recommended that you review this setting for your portal in case they have a functionality that requires SameSite to be set to any other value than Strict and use the site settings to adjust the value accordingly.

 

 

Related Content

  • Power Apps
    Power Fx code in the Power Apps Formula bar showing a User Defined Function.
    • 6 min read

    What’s new in Power Apps: June 2025 Feature Update

    AI-powered Development Check out the latest updates in this month’s Power Apps Pulse! This month we’re giving you tools to share plans with your project stakeholders, we’ve added a maker setting to tailor your authoring experience, and we want *your* feedback about User Defined Functions and User Defined Types! Take a look at these updates […]