Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add-PnPApp throws System.UnauthorizedAccessException when custom script is blocked on app catalog #4203

Closed
1 of 6 tasks
thomaskjaerulff opened this issue Aug 29, 2024 · 6 comments · Fixed by #4554
Closed
1 of 6 tasks

Add-PnPApp throws System.UnauthorizedAccessException when custom script is blocked on app catalog #4203

thomaskjaerulff opened this issue Aug 29, 2024 · 6 comments · Fixed by #4554
Labels
enhancement New feature or request

Comments

@thomaskjaerulff
Copy link

Reporting an Issue or Missing Feature

We have discovered that when the Custom Script setting is set to "Blocked" on the app catalog site, we are unable to release our SPFx web part using the Add-PnPApp cmdlet. We receive a System.UnauthorizedAccessException.

image

image

If we change the setting to "Allowed", it works fine.

Expected behavior

We expect to be able to release our SPFx web parts using the Add-PnPApp cmdlet without having to first run Set-PnPSite -NoScriptSite $false

Steps to reproduce behavior

Set the Custom script setting to "Blocked" on the app catalog site and run the Add-PnPApp cmdlet on this site.

What is the version of the Cmdlet module you are running?

Running PnP.PowerShell 2.10.0

Which operating system/environment are you running PnP PowerShell on?

  • Windows
  • Linux
  • MacOS
  • Azure Cloud Shell
  • Azure Functions
  • Other : please specify
@thomaskjaerulff thomaskjaerulff added the bug Something isn't working label Aug 29, 2024
@jackpoz
Copy link
Contributor

jackpoz commented Aug 29, 2024

Does it work releasing the spfx package through the UI on SPO or do you get an error there too ?

@thomaskjaerulff
Copy link
Author

I also receive an access denied when uploading any given SPFx package through the UI with custom scripts set to "Blocked" and me being a Site Admin on the App Catalog site.

image

@gautamdsheth
Copy link
Collaborator

This is by design, not a bug. You will need to unblock in order to upload the app.

@kasperbolarsen
Copy link
Contributor

So the policy is not to add that check to the various commands ?
That is one way to do it, but it puts the burden on every user, rather than handling this quietly in the command

@jackpoz
Copy link
Contributor

jackpoz commented Aug 30, 2024

A new optional parameter might be a good trade-off between respecting the policy by default and providing a convenient way to users to override it, as long as they have the permissions to flip the Custom scripts setting to Allowed.

Would that be an acceptable solution ?

@gautamdsheth gautamdsheth reopened this Aug 30, 2024
@kasperbolarsen
Copy link
Contributor

I think the policy should be covering all the CMDs where the blocking of Custom Scripting is an issue.
So the option is:

  1. Leave it up to the end users to modify their scripts ( can we provide a list of CMDs that require Custom Scripting?)

  2. add the optional parameter

  3. add the handling of Custom Scripting activation in the CMDs.

I would of course prefer #3 but I have no idea about how many CMDs that we are talking about

@veronicageek veronicageek added enhancement New feature or request and removed bug Something isn't working labels Oct 11, 2024
@veronicageek veronicageek changed the title [BUG] Add-PnPApp throws System.UnauthorizedAccessException when custom script is blocked on app catalog Add-PnPApp throws System.UnauthorizedAccessException when custom script is blocked on app catalog Oct 11, 2024
@gautamdsheth gautamdsheth mentioned this issue Nov 16, 2024
Merged
3 tasks
erwinvanhunen added a commit that referenced this issue Nov 26, 2024
@erwinvanhunen
Merge pull request #4554 from gautamdsheth/fix/4203-allow-scripts
60ce6f7 
Fix #4203:  Add -Force parameter to Add-PnPApp, Publish-PnPApp, Remove-PnPApp, and Unpublish-PnPApp to allow temporary script enabling on no-script sites
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
5 participants
@jackpoz @thomaskjaerulff @gautamdsheth @kasperbolarsen @veronicageek