The process of acquisition of tokens for the Power BI REST API and acquisition of the Power BI embedding token itself have been moved to the backend. This will ensure that Azure AD tokens created on behalf of the Power BI Service account cannot be used to query any other Power BI endpoints other than the intended purpose of embedding a report that a user has access to in Loome Publish.
We have made a number of improvements to XSS protection. When submitting data used in HTML or enriched text box forms, the API will reject these requests when they contain potential cross-site scripting problems. Notably in assets and discussions.
Please click the download below based on your deployment scenario.