SharePoint Store Apps can not be added after installing the May 2021 CU

Problem Description

After installing the May 2021 CU you will not be able to open or add new SharePoint Store apps, because the iframe from the appinv.aspx page is now blocked by default.

This is an example of the error:

Browser Error:

Chrome-error://chromewebdata/:1 Refused to display ‘https://spaad.contoso.local/’ in a frame because it set multiple ‘X-Frame-Options’ headers with conflicting values (‘DENY, SAMEORIGIN’). Falling back to ‘deny’.

Workaround

This issue has been corrected in the September CU 2021 for 2013, 2016 and 2019. After installing the patch, SharePoint Admin’s will need to create a new Farm property named “AddGenericAllowedListValue’ and add the SharePoint site URL in the “AllowIframeAppAuthorizePageDomains” list.

Example:

$farm = Get-SPFarm
$farm.AddGenericAllowedListValue(“AllowIframeAppAuthorizePageDomains”,“spaad.contoso.local”)
$farm.Update()

Please Note:

  • You can add more than one trusted domain to the AllowIframeAppAuthorizePageDomains by using the command multiple times.
  • You can add the wildcard domain such as *.contoso.com to the AllowIframeAppAuthorizePageDomains.

External Links

SharePoint updates – Office release notes | Microsoft Docs

Appinv.aspx page can’t be added to iframe (KB5005546) (microsoft.com)

Leave a Reply