Forum Discussion
SameSite cookie problems in desktop version of Teams
Hi,
I have created a Teams app, which contains static tabs (i.e. "personal" tabs). The tab content is hosted in SharePoint and uses MSAL v1.4.14 for authentication.
However, I'm seeing the following "sameSite" cookie problems:
Because a cookie's SameSite attribute was not set or is invalid, it defaults to SameSite=Lax, which will prevents the cookie from being set in a cross-site context in a future version of the browser. This behavior protects user data from accidentally leaking to third parties and cross-site request forgery.
Resolve this issue by updating the attributes of the cookie:
Specify SameSite=None and Secure if the cookie is intended to be set in cross-site contexts. Note that only cookies sent over HTTPS may use the Secure attribute.
Specify SameSite=Strict or SameSite=Lax if the cookie should not be set by cross-site requests
This problem only occurs in the Windows desktop version of Teams. I don't see it when I use Teams within a browser.
I cannot find any information on how to fix this problem. Is it a bug in the desktop version of Teams and/or the MSAL library?
I found the following:
https://docs.microsoft.com/en-us/microsoftteams/platform/resources/samesite-cookie-update#samesite-cookie-attribute-2020-release
but I am not sure how I can fix my problem.
Here are some images of the errors I am seeing:
Thanks,
George
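The two rules in the warning quoted above (a missing or invalid SameSite is treated as Lax, and SameSite=None needs Secure), applied to Set-Cookie headers as an added example that is not part of the original post and is not Teams or MSAL code. The function names `parseSetCookie` and `crossSiteVerdict` and the sample headers are constructed for illustration, and the verdict covers only the SameSite and Secure rules, not other third-party cookie blocking.

```javascript
// Added example: would a cookie set by this header be usable when the page
// runs in a cross-site frame, under SameSite-by-default enforcement?

function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: eq < 0 ? pair : pair.slice(0, eq), secure: false, sameSite: null };
  for (const attr of attrs) {
    const [k, v = ""] = attr.split("=").map((s) => s.trim());
    if (k.toLowerCase() === "secure") cookie.secure = true;
    if (k.toLowerCase() === "samesite") cookie.sameSite = v.toLowerCase();
  }
  return cookie;
}

function crossSiteVerdict(header) {
  const c = parseSetCookie(header);
  // Anything other than Strict, Lax or None counts as "not set or invalid".
  if (!["strict", "lax", "none"].includes(c.sameSite)) {
    return { name: c.name, usable: false, reason: "SameSite missing or invalid, treated as Lax" };
  }
  if (c.sameSite === "none") {
    return c.secure
      ? { name: c.name, usable: true, reason: "SameSite=None with Secure" }
      : { name: c.name, usable: false, reason: "SameSite=None without Secure is rejected" };
  }
  // Explicit Lax or Strict: valid, but not attached to requests from a cross-site frame.
  return { name: c.name, usable: false, reason: `SameSite=${c.sameSite} is not sent in a cross-site frame` };
}

// Constructed sample headers (not captured from a real tenant).
const samples = [
  "session=abc123; Path=/; HttpOnly",
  "session=abc123; Path=/; SameSite=None",
  "session=abc123; Path=/; Secure; HttpOnly; SameSite=None",
  "prefs=dark; Path=/; Secure; SameSite=Lax",
];
for (const h of samples) console.log(crossSiteVerdict(h));
```

Running the function over the Set-Cookie headers copied from the network panel shows which cookies trigger the warning and which attribute is missing.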
9 Replies
- HunaidHanfee-MSFT (Iron Contributor)
Could you please share more information on how to repro this issue?
Thanks
- George71 (Brass Contributor)
The issue is reproduced when I access a simple HTML page in a static tab. I also see this problem when I host my application using a web server instead of SharePoint. I observed the same SameSite warnings in two different test tenants.
Here is what my app manifest file looks like:
{
  "$schema": "https://developer.microsoft.com/en-us/json-schemas/teams/v1.9/MicrosoftTeams.schema.json",
  "manifestVersion": "1.9",
  "version": "1.0.0",
  "showLoadingIndicator": true,
  "id": "cbfe33f3-04d1-4f41-ae80-849385d6bf33",
  "packageName": "test",
  "developer": {
    "name": "Test App",
    "websiteUrl": "https://testapp.com/",
    "privacyUrl": "https://testapp.com/privacy-policy",
    "termsOfUseUrl": "https://testapp.com/terms-use"
  },
  "icons": {
    "color": "color.png",
    "outline": "outline.png"
  },
  "name": {
    "short": "Test",
    "full": "Test Application"
  },
  "description": {
    "short": "Test Application",
    "full": "This app is a test application"
  },
  "accentColor": "#DA2DF0",
  "staticTabs": [
    {
      "entityId": "tab1",
      "name": "Tab #1",
      "contentUrl": "https://gctest71.sharepoint.com/_layouts/15/teamslogon.aspx?SPFX=true&dest=/Shared%20Documents/test/index.aspx",
      "websiteUrl": "https://gctest71.sharepoint.com/Shared%20Documents/test/index.aspx",
      "scopes": [
        "personal"
      ]
    },
    {
      "entityId": "tab2",
      "name": "Tab #2",
      "contentUrl": "https://gctest71.sharepoint.com/_layouts/15/teamslogon.aspx?SPFX=true&dest=/Shared%20Documents/test/phone.aspx",
      "websiteUrl": "https://gctest71.sharepoint.com/Shared%20Documents/test/phone.aspx",
      "scopes": [
        "personal"
      ]
    },
    {
      "entityId": "about",
      "scopes": [
        "personal"
      ]
    }
  ],
  "permissions": [
    "identity",
    "messageTeamMembers"
  ],
  "validDomains": [
    "gctest71.sharepoint.com"
  ],
  "webApplicationInfo": {
    "id": "00000003-0000-0ff1-ce00-000000000000",
    "resource": "https://gctest71.sharepoint.com"
  },
  "localizationInfo": {
    "defaultLanguageTag": "en-us",
    "additionalLanguages": [
      {
        "languageTag": "fr",
        "file": "locale_fr.json"
      },
      {
        "languageTag": "es",
        "file": "locale_es.json"
      }
    ]
  }
}
Here is what my Azure AD authentication configuration looks like for my App:
- HunaidHanfee-MSFT (Iron Contributor)
What are you seeing on the tab? Could you please share the screenshot? Do you have another authentication on your SharePoint? Can you share minimal repro steps?