Share via

Content Security Policy (CSP) Issue in Outlook Add-In: 'app-name' Scheme Blocked

Ananya Shetty 0 Reputation points
2024-12-19T16:25:16.01+00:00

Overview of the issue:

I encounter a CSP-related issue while integrating the 'app-name' scheme in my Outlook Add-In. Despite updating the manifest and headers, the browser blocks the custom scheme and shows the error:

Refused to frame '' because it violates the following Content Security Policy directive: "frame-src *". Note that '*' matches only URLs with network schemes ('http', 'https', 'ws', 'wss'), or URLs whose scheme matches `self`'s scheme. The scheme 'app-name:' must be added explicitly.

Steps taken:

Added <meta http-equiv="Content-Security-Policy" content="frame-src 'self' app-name:;/> in the template HTML file.

I also added the app name in the XML file

<AppDomain>app-name:</AppDomain>

Platform:

This happens in all platforms and environments

Expected Outcome:

I want to open the app when we click on a button from the add-in

Microsoft Teams Development
Microsoft Teams Development
Microsoft Teams: A Microsoft customizable chat-based workspace.Development: The process of researching, productizing, and refining new or existing technologies.
3,442 questions

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.