Help my browser keeps refreshing my SharePoint page

post

One of my customers reported that their SharePoint page kept refreshing in Firefox. While investigating the issue, it turned out it was an issue with the Microsoft Graph permission scope that was missing.

All we had to do was approve the permission scope in the SharePoint Admin Center - API access page, and it was fixed; the page stopped refreshing.

Although the solution is simple, I wanted to understand why this was happening.

Why does the page keep refreshing?

Let us first check the experience:

SharePoint page refresh issue

When you look closely at the video, you will see that the page gets redirected to /_forms/spfxsinglesignon.aspx, bringing you back to the original page.

The /_forms/spfxsinglesignon.aspx page is used to overcome an issue with the third-party cookies, which are blocked by default in Firefox, and soon other browsers will do the same.

info

The Chrome team is currently rolling this out (Q3 2024) - Prepare for third-party cookie restrictions

As Firefox is blocking the third-party cookies, the flow of loading your page and solutions goes like this:

  • The page loads
  • The solution loads
  • The solution code tries to retrieve an access token for Microsoft Graph
  • The page gets redirected to /_forms/spfxsinglesignon.aspx to get the access token
  • An error is returned (but you do not see this), and the page gets redirected back to the original page
Show image Error during the token retrieval
Error during the token retrieval
  • The original page loads and it starts all over again

Why did it not happen before?

The issue does not occur in Chrome or Edge when writing the article. Third-party cookies are not yet blocked by default in these browsers.

As it is not yet blocked, the access token for Microsoft Graph is retrieved with the implicit grant flow, which uses the hidden iframe. As this is not blocked, only an error is returned in the console.

Show image MSAL token retrieval error
MSAL token retrieval error

This error gives the developer enough information to understand what is happening and fix the issue.

How to fix the issue

Solution 1: Approve the permission scope

The clean solution is to approve the permission scope in the SharePoint Admin Center - API access page.

This solution allows your code to retrieve the access token by just one redirect and stops the page from refreshing.

It feels like we are back in Internet Explorer, where we had to tell our customers to add their SharePoint URL to the trusted sites. For Firefox, you can configure the third-party cookie exceptions in the settings.

Follow the following steps to configure the exceptions:

  • Open the Firefox settings
  • Go to the Privacy & Security tab
  • In the Enhanced Tracking Protection section, click on the Manage Exceptions... button
  • Add the SharePoint URL to the exceptions
Show image Firefox third-party cookie exceptions
Firefox third-party cookie exceptions

Once configured, the solution will now try to retrieve the access token with the hidden iframe instead of getting redirected to /_forms/spfxsinglesignon.aspx.

important

Chrome and Edge have similar settings.

Resources

If you want to know more about the third-party cookie restrictions, you can read the following resources:

Comments

Back to top