Support for http and not only https
Only possible to use HTTPS urls as tabs. Would be nice if HTTP would work as well.
As you may be aware, HTTP is inherently less secure compared to HTTPS, and modern browsers are making it increasingly difficult to access http:// links; many of them require users to bypass an intermediate page with a scary security warning.
We take users privacy and security very seriously, and we also take popular UserVoice feature requests very seriously. We investigated many approaches to address this feature request in a way that would also pass security review. One way would have required tenant administrators to manually add domains/intranet sites to an “allow list”, – we received feedback that be unwieldy and add work for IT departments.
Even if that were acceptable however, we’d have a situation that http:// URLs would only ever work on the desktop client. Users who clicked on the tab using the browser client would see the same scary warning that users accessing the same URL in a browser tab would see.
Given these limitations, we are no longer planning to deliver this feature request.
211 commentsComments are closed
Dave Scott commented
In the real world, HTTPS sites are not exclusive. - the restriction makes this feature less than useful.
Jeff Erickson commented
This seems similar to a related question. I posted a comment there that we need the ability to link to server folders and files within our ecosystem. https://microsoftteams.uservoice.com/forums/555103-public/suggestions/16944823-links-attachments-in-chat?page=2&per_page=20
Clifton Lenne commented
Yes, this is a very much needed feature! I cannot link to internally hosted resources. That is not quite logic.
We need to have clickable http links and to be able to paste images
It is great the idea of staying secure, but SSL does not need to be used on all websites, even if it looks like that is the future of the web.
Perhaps allow a non HTTPS site to be used but add a warning message before adding the new tab.
Unable to link internally hosted sites
Ioannis Mavroukakis commented
There may be sites that do not require TLS security (internal, dashboard only, VPN accessible only). Forcing https breaks adding them
Steven Creaney commented
Agreed, we would like to link to internal dev/qa/uat/training web apps that aren't necessarily SSL enabled.
Why cannot link to internally hosted resources? (Yes, we know what we're doing!) a warning vs restriction would be better.
Robert Johnson commented
Allow non-https & non-public URLs on Websites tabs. This will allow us to link internal resources like Project Server 2007 & TFS 2010.