Content Security Policy (CSP) Issue in Outlook Add-In: 'app-name' Scheme Blocked
Ananya Shetty
0
Reputation points
Overview of the issue:
I encounter a CSP-related issue while integrating the 'app-name' scheme in my Outlook Add-In. Despite updating the manifest and headers, the browser blocks the custom scheme and shows the error:
Refused to frame '' because it violates the following Content Security Policy directive: "frame-src *". Note that '*' matches only URLs with network schemes ('http', 'https', 'ws', 'wss'), or URLs whose scheme matches `self`'s scheme. The scheme 'app-name:' must be added explicitly.
Steps taken:
Added <meta http-equiv="Content-Security-Policy" content="frame-src 'self' app-name:;/> in the template HTML file.
I also added the app name in the XML file
<AppDomain>app-name:</AppDomain>
Platform:
This happens in all platforms and environments
Expected Outcome:
I want to open the app when we click on a button from the add-in
Sign in to answer