Forum Discussion
The ms-appinstaller protocol has been disabled.
bvenhaus Thank you for your question. We removed the ms-appinstaller custom scheme due to a security vulnerability. We do intend to bring this back, and are working on it. For now, you can update the link on your website by removing 'ms-appinstaller:?source='
<html> <body> <h1> MyApp Web Page </h1> <a href="http://mywebservice.azureedge.net/HubApp.msix"> Install app package </a> <a href="http://mywebservice.azureedge.net/HubAppBundle.msixbundle"> Install app bundle </a> <a href="http://mywebservice.azureedge.net/HubAppSet.appinstaller"> Install related set </a> </body> </html>
To anyone else facing implementing a workaround and is using Azure pipelines:
here is a yaml task that will edit the generated html to remove the protocol and include explicit instructions that the button will cause a download, and the downloaded file should be run.
Anonymized example from my implementation:
And here is the task:
- task: PowerShell@2
inputs:
targetType: 'inline'
script: |
$x = gci -Recurse *.html
$page = get-content $x
$newpage = $page | foreach { [regex]::Replace( $_,'ms-appinstaller\:\?source\=','' ) }
$newpage = $newpage | foreach { [regex]::Replace( $_,'(<div class.*app-description[^<]*</div>)','$1'+[System.Environment]::NewLine+'<div class="insert instructions"><p style="color:red" >Installation instructions:<br>1. Click the install button to begin download of installer file<br>2. After download completes run installer file to install application</p></div>' ) }
set-content $x -Value $newpageNote that there may be more efficient ways of accomplishing this, but I went with what I knew and could make generic.
If my understanding is correct, we just need to remove "ms-appinstaller:?source=" in index.html generated by Visual Studio.
In other words:
Change
<a href='ms-appinstaller:?source=https://www.mydomain.com/download/myapp.appinstaller'>
to
<a href='https://www.mydomain.com/download/myapp.appinstaller'>
zipswich That is correct. The other thing we opted to do was add instructions to the html above the install button to handle the behavior change.
It would appear this workaround requires end users to download, save, and open the application bundle. This is something we try to drill into there heads that they should not do. It also means that apps that normally automatically update will not be able to do so. Can you imagine Android or iOS disabling auto updates globally??? Unbelievable! As a result this only a partial work-around creates more problems than it solves, especially if updates need to distribute current data with the application. PLEASE MICROSOFT provide guidance on how long it will be before side loading from a web site will be enabled again!!!
- I assume the Engineer responsible for this has carried out a thorough risk assessment, taking into account customer impact and loss of service.
This is despicable, can anyone in Microsoft be actually bothered to reply. Also what compenmsation scheme is in place for Microsoft customer.
@hrb-1 PLEASE MICROSOFT provide guidance on how long it will be before side loading from a web site will be enabled again!!!
