Oct 14 2021 06:43 PM
Hi,
I have created a Teams app, which contains static tabs (i.e. "personal" tabs). The tab content is hosted in SharePoint and uses MSAL v1.4.14 for authentication.
However, I'm seeing the following "sameSite" cookie problems:
Because a cookie's SameSite attribute was not set or is invalid, it defaults to SameSite=Lax, which will prevent the cookie from being set in a cross-site context in a future version of the browser. This behavior protects user data from accidentally leaking to third parties and cross-site request forgery.
Resolve this issue by updating the attributes of the cookie:
Specify SameSite=None and Secure if the cookie is intended to be set in cross-site contexts. Note that only cookies sent over HTTPS may use the Secure attribute.
Specify SameSite=Strict or SameSite=Lax if the cookie should not be set by cross-site requests
This problem only occurs in the Windows desktop version of Teams. I don't see it when I use Teams within a browser.
I cannot find any information on how to fix this problem. Is it a bug in the desktop version of Teams and/or the MSAL library?
I found the following:
https://docs.microsoft.com/en-us/microsoftteams/platform/resources/samesite-cookie-update#samesite-c...
but I am not sure how I can fix my problem.
Here are some images of the errors I am seeing:
Thanks,
George
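The attribute rules quoted in the DevTools message above, as an added example that is not part of the original post: a small auditor that classifies `Set-Cookie` headers by whether the cookie remains usable in a cross-site context. The function names and the sample headers are constructed for illustration and are not taken from Teams, SharePoint or MSAL.

```javascript
// Added example: classify Set-Cookie headers by the SameSite rules quoted above.
// SAMPLE_HEADERS is constructed input, not captured traffic.
const SAMPLE_HEADERS = [
  'session=abc123; Path=/; HttpOnly',              // no SameSite attribute
  'auth.state=xyz; Path=/; SameSite=None',         // None without Secure
  'auth.nonce=n1; Path=/; Secure; SameSite=None',  // valid cross-site cookie
  'prefs=dark; SameSite=Strict',                   // explicitly same-site only
  'legacy=1; SameSite=bogus; Secure',              // invalid SameSite value
];

// Extract the cookie name plus the two attributes the warning is about.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: eq < 0 ? pair : pair.slice(0, eq), sameSite: null, secure: false };
  for (const attr of attrs) {
    const [key, value = ''] = attr.split('=').map((s) => s.trim());
    if (key.toLowerCase() === 'secure') cookie.secure = true;
    if (key.toLowerCase() === 'samesite') cookie.sameSite = value.toLowerCase();
  }
  return cookie;
}

// Returns { name, crossSite, reason }; crossSite is true only when the cookie
// can be set and sent while the page is loaded in a cross-site context.
function auditCookie(header) {
  const { name, sameSite, secure } = parseSetCookie(header);
  if (sameSite === 'none') {
    return secure
      ? { name, crossSite: true, reason: 'SameSite=None with Secure' }
      : { name, crossSite: false, reason: 'SameSite=None requires Secure' };
  }
  if (sameSite === 'strict' || sameSite === 'lax') {
    return { name, crossSite: false, reason: `explicit SameSite=${sameSite}` };
  }
  // Missing or unrecognised value: the browser falls back to Lax.
  return { name, crossSite: false, reason: 'SameSite missing or invalid, defaults to Lax' };
}

function auditAll(headers) {
  return headers.map(auditCookie);
}

for (const r of auditAll(SAMPLE_HEADERS)) {
  console.log(`${r.name}: crossSite=${r.crossSite} (${r.reason})`);
}
```

Running the same check over the `Set-Cookie` headers seen in the Network panel shows which cookies trigger the warning and which attribute is missing.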
Oct 17 2021 11:21 PM
Oct 18 2021 06:39 AM
The issue is reproduced when I access a simple HTML page in a static tab. I also see this problem when I host my application using a web server instead of SharePoint. I observed the same SameSite warnings in two different test tenants.
Here is what my app manifest file looks like:
{
  "$schema": "https://developer.microsoft.com/en-us/json-schemas/teams/v1.9/MicrosoftTeams.schema.json",
  "manifestVersion": "1.9",
  "version": "1.0.0",
  "showLoadingIndicator": true,
  "id": "cbfe33f3-04d1-4f41-ae80-849385d6bf33",
  "packageName": "test",
  "developer": {
    "name": "Test App",
    "websiteUrl": "https://testapp.com/",
    "privacyUrl": "https://testapp.com/privacy-policy",
    "termsOfUseUrl": "https://testapp.com/terms-use"
  },
  "icons": {
    "color": "color.png",
    "outline": "outline.png"
  },
  "name": {
    "short": "Test",
    "full": "Test Application"
  },
  "description": {
    "short": "Test Application",
    "full": "This app is a test application"
  },
  "accentColor": "#DA2DF0",
  "staticTabs": [
    {
      "entityId": "tab1",
      "name": "Tab #1",
      "contentUrl": "https://gctest71.sharepoint.com/_layouts/15/teamslogon.aspx?SPFX=true&dest=/Shared%20Documents/test/index.aspx",
      "websiteUrl": "https://gctest71.sharepoint.com/Shared%20Documents/test/index.aspx",
      "scopes": [
        "personal"
      ]
    },
    {
      "entityId": "tab2",
      "name": "Tab #2",
      "contentUrl": "https://gctest71.sharepoint.com/_layouts/15/teamslogon.aspx?SPFX=true&dest=/Shared%20Documents/test/phone.aspx",
      "websiteUrl": "https://gctest71.sharepoint.com/Shared%20Documents/test/phone.aspx",
      "scopes": [
        "personal"
      ]
    },
    {
      "entityId": "about",
      "scopes": [
        "personal"
      ]
    }
  ],
  "permissions": [
    "identity",
    "messageTeamMembers"
  ],
  "validDomains": [
    "gctest71.sharepoint.com"
  ],
  "webApplicationInfo": {
    "id": "00000003-0000-0ff1-ce00-000000000000",
    "resource": "https://gctest71.sharepoint.com"
  },
  "localizationInfo": {
    "defaultLanguageTag": "en-us",
    "additionalLanguages": [
      {
        "languageTag": "fr",
        "file": "locale_fr.json"
      },
      {
        "languageTag": "es",
        "file": "locale_es.json"
      }
    ]
  }
}
Here is what my Azure AD authentication configuration looks like for my App:
Oct 19 2021 06:04 AM
Oct 20 2021 08:51 PM
I have created a minimal app, which can reproduce the problem. Here is how to configure/deploy it:
Note: the Redirect URI is:
https://<SharePoint tenant URI>/<SharePoint File Path>/silent-end.aspx
Testing:
- Open the "Dev Tools" for the desktop Teams application.
- Click on "Go to Issues".
You will see the following:
Note: You may not see all of the SameSite warnings right away. You can click on the refresh button and/or sign out/in to see them.
Thanks!
Oct 21 2021 06:55 AM
Oct 24 2021 11:42 PM
Oct 25 2021 05:48 PM
Nov 07 2021 09:01 PM
Dec 15 2021 08:59 AM
We have tried multiple ways but we have not been able to reproduce this issue. Can you please confirm whether you are still facing this issue, and whether you are getting it on the latest Teams client? Did you try updating the packages to the latest version?