Call URL Handler leads to crash in new Teams

Copper Contributor

I have a problem with an application which we are developing.

This happens only in the new Teams Application.


Basically I need to start an external Program, which is registered in Windows with a specific URL Handler. It worked fine in the old version. The command I use is a simple:`myOwnUrlHandler:${u8sSIPAddress}`, "_self");



The error I get is:


Refused to frame '' because it violates the following Content Security Policy directive: "frame-src blob: data: https: acrobat2018: ales: arcb: blocked: bookmark: ciscotel: cloudya: companyportal: deltapath-engage: devtools: jamfselfservice: mailto: maxuccall: microsoft-edge: ms-access: ms-actioncenter: ms-appx-web: ms-excel: ms-infopath: ms-powerpoint: ms-project: ms-publisher: ms-settings: ms-spd: ms-teams: ms-visio: ms-whiteboard-preview: ms-word: msteams: notes: odopen: officeathand: onenote: openapp: opentouch: pdf: rcapp: rctelus: sebs: sip: sips: softwarecenter: suknil: tel: unifyoffice: vscode-insiders: vscode: vsls: wazo: webex: webextel: x-apple.systempreferences:".


What has changed? Am I doing something wrong?


Thanks for any suggestion...

9 Replies
Hello @MatthiasAbele - Thanks for raising your query.
Could you please share the exact link format that you are using to test

@ChetanSharma-msftI call like this:"test-url-handler:email address removed for privacy reasons", "_self");


test-url-handler is a valid url handler registered in windows. If I call "test-url-handler:email address removed for privacy reasons" from a browser it actually opens the registered application as desired.





Hello @MatthiasAbele - Thanks for sharing the information.
This issue is because of violation of Content Security Policy in Teams.
So, we will confirm with engineering team and let you know the updates whether it is not supported or a bug.

Hello @MatthiasAbele
we have got an update from our engineering team.
We've always had that CSP header in place for the Teams Web Client (T1 and T2.1); it's now also in effect for the New Teams Desktop Client (T2.1). This header is necessary to ensure the security. If you need to launch out to a native app via a custom protocol, you can use any one of these options:

1)Call with target parameter set to "_blank" instead of "_self".
2)Use an anchor tag with target="_blank"
3)Call the or SDK API


Very valuable information. For all 3 options you gave me, the link is now working fine, no crashes.


1) tel:+0000000000 is working

2) test-url-handler:email_address is NOT working


on 1) the correcty registered handler for tel: is called

on 2) nothing happens. When I use the openLink call, the Promise is correctly fulfilled, no errors thrown, but no URL handler outside is called.


Any idea?


Thanks a lot :)



Hello @MatthiasAbele - As you are not getting any error, we are not able to investigate it further.
Did you try with using an anchor tag with target="_blank" or other suggested ways?

I tried with all suggested ways.
All of them do not throw any error anymore.

But it's not working. It looks like as if the new teams app is not passing non-standard url handlers to the operating system. So something standard as tel: is working, and the registered application is called, but not those we are using for our application (which are also correctly registered in windows and work if called from a browser).

With the old Teams everything is working as expected.

Thanks for sharing the information.
We will check with engineering team if all custom handlers are supported in new Teams client and let you know the updates.
Hello @MatthiasAbele
We’ve had an allow list in place for both T1 and T2.1 desktop clients for a while now. These lists are aligned so any protocols which worked in T1 should also work in T2.1. You can find the current allow list here:
export const allowedProtocols = [