Issue Summary

A feature of Microsoft Defender for Cloud Apps called Conditional Access App Control / Session control causes issues with certain ACJS APIs that use the _context parameter.

The error that we see looks like:
1AP.history.pushState: Uncaught TypeError: Cannot read properties of undefined (reading '_context')

This error is found in Atlassian Connect Javascript API.

Steps to Reproduce

CAAC causes all requests to be proxied through the mcas.ms domain, like so:
https://<mysite>.atlassian.net.mcas.ms/plugins/servlet/ac/<plugin-key>
However, when loading the cross domain iframe, we still see simple-xdm expecting the URL to be the following:
https://<app-domain>.mcas.ms/app.html?xdm_e=https%3A%2F%2F<mysite>.atlassian.net
There is a mismatch between the expected and actual domain, most likely leading to cross domain validation failure.

Expected Results

There is a mismatch between the expected and actual domain, most likely leading to cross domain validation failure.

Actual Results

The below exception is thrown in the xxxxxxx.log file:

...

Workaround

No workaround currently