Microsoft Copilot | Microsoft 365 Copilot | Development
Building and customizing solutions using Microsoft 365 Copilot APIs and tools
'mailto:' scheme doesn't work in web application embedded in MS365 web app
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 23%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPP%3C/text%3E%3C/svg%3E)
Praveen Patel G
0
Reputation points
'mailto:' scheme doesn't work in web application embedded in MS365 web app
I have created a simple HTML web page with the following code:
<a href="mailto:<your-email-address>" title="">email-address</a>
I have hosted this app on localhost. With the help of ngRok i have integrated my website on Microsoft teams tab app. Now I am able to see my application in Microsoft 365 as well. If I open app, it loads successfully. But After clicking on my email address,
I see a console error: Framing '' violates the following Content Security Policy directive: "frame-src ". The request has been blocked. Note that '' matches only URLs with network schemes ('http', 'https', 'ws', 'wss'), or URLs whose scheme matches self's scheme. The scheme 'mailto:' must be added explicitly.
Here is my CSP on config file:
<add name="Content-Security-Policy" value="default-src: 'self'; frame-src mailto:;" />
I tried adding mailto: to frame-ancestor as well. That didn't help.
Microsoft Copilot | Microsoft 365 Copilot | Development
Sign in to answer