Encoding bug with the teamslogon.aspx redirection service

SharePoint / sp-dev-docs

SharePoint & Viva Connections Developer Documentation

https://docs.microsoft.com/en-us/sharepoint/dev/

Creative Commons Attribution 4.0 International

1.24k stars 1k forks source link

Encoding bug with the teamslogon.aspx redirection service #6776

Open Mamatha-MSFT opened 3 years ago

Mamatha-MSFT commented 3 years ago

Double encoding the provided URL, redirecting to an invalid URL and resulting in a 404. Example: https://contoso.sharepoint.com/sites/ContosoNet/_layouts/15/teamslogon.aspx?SPFX=true&dest=/sites/ContosoNet/Home%20page.aspx Will redirect to: https://contoso.sharepoint.com/sites/ContosoNet/Home%2520page.aspx See the double encoding with the "Home%2520page" above. The URL without encoding is working fine. So, could you please remove highlighted text in below image.

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

ID: 8ef9b82d-5475-c5fa-ac7a-7005558e06f1
Version Independent ID: 1d9d4923-c44f-b00b-a553-60c73ed8b8e6
Content: Embedding modern SharePoint pages in Microsoft Teams as personal apps (preview)
Content Source: docs/features/embed-pages-to-teams.md
Product: sharepoint
GitHub Login: @VesaJuvonen
Microsoft Alias: vesaj

ghost commented 3 years ago

Thank you for reporting this issue. We will be triaging your incoming issue as soon as possible.

odrouin commented 3 years ago

From the tests I have made, it is not possible to not encode the [pageUrl] part of the URL, in the case you have any spaces or special characters in the URL, the response will give an HTTP Error 400. The request is badly formed. I think the teamslogon.aspx page needs a fix to not encode the redirected URL twice and result in a 404. I don't see a workaround for these cases right now.

odrouin commented 3 years ago

As of today, it seems like the encoding bug on teamslogon.aspx is resolved

Saulius-Laurinaitis commented 3 years ago

There is still a defect - I have a situation with such url: _https://contoso.sharepoint.com/sites/one/_layouts/15/teamslogon.aspx?SPFX=true&dest=%2fsites%2fone%2fredirect.aspx%3furl%3dhttps%253a%252f%252fmysite.azureedge.net%252findex.html%253fparam1%253dtrue%2526param2%253dfalse_

I expect this to go to: https://contoso.sharepoint.com/sites/one/redirect.aspx?url=https%3a%2f%2fmysite.azureedge.net%2findex.html%3fparam1%3dtrue%26param2%3dfalse

But instead it is decoding everything and I'm loosing my parameters in the second url: https://contoso.sharepoint.com/sites/one/redirect.aspx?url=https://mysite.azureedge.net/index.html?param1=true&param2=false

Can you please investigate it?

UPDATE - I found a workaround by creating a custom SPFx web part which is loaded through teamslogon.aspx and handled my redirect correctly.

NicolajHedeager commented 2 years ago

This still seems to be an issue.

The Lists Teams app from Microsoft will also just throw a 404 if it's added to a Team where the a site collection for the team has a whitepace in the url i.e. [https://contoso.sharepoint.com/sites/Internal Projects]()

https://contoso.sharepoint.com/sites/Internal%2520Projects/_layouts/15/teamslogon.aspx?spfx=true&dest=%2Fsites%2FInternal%2520Projects/_layouts/15/teamsappconfiguration.aspx?theme=default&locale=en-us