[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Microsoft Teams | Changes required for Teams Tabs and Connectors -Subversion

From: Anantha Chitradurga Venkatesh (Tata Consultancy Services Limi) <v-anvenk_at_microsoft.com>
Date: Wed, 27 Nov 2019 09:50:45 +0000


I hope this email finds you well!

Google is planning to make two changes to how Chrome treats cookies without the SameSite attribute. This change will impact the way that tabs and connectors in your app work and requires your attention. The default changes from SameSite=None to SameSite=Lax, and SameSite=None requires Secure. This is done to improve overall web security and eliminate certain classes of CSRF attacks.  Details about the SameSite attribute can be found here. <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fweb.dev%2Fsamesite-cookies-explained%2F&data=02%7C01%7Cv-anvenk%40microsoft.com%7C015d03763bcc49a0723508d76ee40701%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637099797987865807&sdata=TOPN4psV01Kc1SM5Dt70a0ubDGW4E4dFo2D3mAlPDYo%3D&reserved=0>

Changing the default means cookies without an explicit SameSite=None; Secure attribute will not be sent in a 3rd party context anymore. This affects identity scenarios in various ways and can affect other app scenarios too.

Changes required for tabs and connectors

  1. Please enable this new feature in Chrome and validate that your tabs, connectors and personal apps continue to work in Teams.
  2. Changes need to be completed by February 4th 2020.

More details
This change is scheduled to be enabled by default in the Beta version of Chrome 78 and the Stable version of Chrome 80 (while Google hasn’t released firm dates, we expect this to arrive by February 4th). The change is already available behind a feature flag in Chrome 76+.
Important: Please note that SameSite=none is not supported by  older versions of Chrome or Safari. This means that you will have to check the user-agent in order to provide the correct SameSite property. You can find out how this should be implemented in C# here: https://devblogs.microsoft.com/aspnet/upcoming-samesite-cookie-changes-in-asp-net-and-asp-net-core/<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdevblogs.microsoft.com%2Faspnet%2Fupcoming-samesite-cookie-changes-in-asp-net-and-asp-net-core%2F&data=02%7C01%7Cv-anvenk%40microsoft.com%7C015d03763bcc49a0723508d76ee40701%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637099797987875803&sdata=jvLpwD5u2futDq5O5VgPq7BxRTKH%2BB1Rly%2BVSQ%2Blsfg%3D&reserved=0>

PM – Microsoft Teams Partner Ecosystem

Received on 2019-11-27 10:51:03 CET

This is an archived mail posted to the Subversion Users mailing list.