Microsoft Teams | Changes required for Teams Tabs and Connectors -Subversion

Wed, 27 Nov 2019 01:51:23 -0800 

Hi,

I hope this email finds you well!

Summary
Google is planning to make two changes to how Chrome treats cookies without the 
SameSite attribute. This change will impact the way that tabs and connectors in 
your app work and requires your attention. The default changes from 
SameSite=None to SameSite=Lax, and SameSite=None requires Secure. This is done 
to improve overall web security and eliminate certain classes of CSRF attacks.  
Details about the SameSite attribute can be found here.  
<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fweb.dev%2Fsamesite-cookies-explained%2F&data=02%7C01%7Cv-anvenk%40microsoft.com%7C015d03763bcc49a0723508d76ee40701%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637099797987865807&sdata=TOPN4psV01Kc1SM5Dt70a0ubDGW4E4dFo2D3mAlPDYo%3D&reserved=0>

Changing the default means cookies without an explicit SameSite=None; Secure 
attribute will not be sent in a 3rd party context anymore. This affects 
identity scenarios in various ways and can affect other app scenarios too.

Changes required for tabs and connectors

  1.  Please enable this new feature in Chrome and validate that your tabs, 
connectors and personal apps continue to work in Teams.
  2.  Changes need to be completed by February 4th 2020.

More details
This change is scheduled to be enabled by default in the Beta version of Chrome 
78 and the Stable version of Chrome 80 (while Google hasn’t released firm 
dates, we expect this to arrive by February 4th). The change is already 
available behind a feature flag in Chrome 76+.
Important: Please note that SameSite=none is not supported by  older versions 
of Chrome or Safari. This means that you will have to check the user-agent in 
order to provide the correct SameSite property. You can find out how this 
should be implemented in C# here: 
https://devblogs.microsoft.com/aspnet/upcoming-samesite-cookie-changes-in-asp-net-and-asp-net-core/<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdevblogs.microsoft.com%2Faspnet%2Fupcoming-samesite-cookie-changes-in-asp-net-and-asp-net-core%2F&data=02%7C01%7Cv-anvenk%40microsoft.com%7C015d03763bcc49a0723508d76ee40701%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637099797987875803&sdata=jvLpwD5u2futDq5O5VgPq7BxRTKH%2BB1Rly%2BVSQ%2Blsfg%3D&reserved=0>


[teams_logo]
Anantha
PM – Microsoft Teams Partner Ecosystem
v-anv...@microsoft.com<mailto:v-anv...@microsoft.com>

Reply via email to