fix(teams): remove smba.trafficmanager.net from Microsoft content allowlist

waleedlatif1 · waleedlatif1 · commit 263744d2cd45 · 2026-04-06T21:28:15.000-07:00
The subdomain check for smba.trafficmanager.net was unnecessary — Azure
Traffic Manager does not support nested subdomains of existing profiles,
but the pattern still raised a valid audit concern. Teams bot-framework
attachment URLs from this host fall through to the generic fetchWithDNSPinning
branch, which provides the same protection without the ambiguity.
diff --git a/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-sidebar/settings-sidebar.tsx b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-sidebar/settings-sidebar.tsx
@@ -210,7 +210,6 @@ export function SettingsSidebar({
     if (section) {
       router.replace(getSettingsHref({ section }), { scroll: false })
     } else {
-      // Triggered by the back button — no pending section was set
       router.push(popSettingsReturnUrl(`/workspace/${workspaceId}/home`))
     }
   }, [confirmNavigation, router, getSettingsHref, popSettingsReturnUrl, workspaceId])
diff --git a/apps/sim/hooks/queries/environment.ts b/apps/sim/hooks/queries/environment.ts
@@ -1,5 +1,5 @@
 import { createLogger } from '@sim/logger'
-import { keepPreviousData, useMutation, useQuery, useQueryClient } from '@tanstack/react-query'
+import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query'
 import type { EnvironmentVariable, WorkspaceEnvironmentData } from '@/lib/environment/api'
 import { fetchPersonalEnvironment, fetchWorkspaceEnvironment } from '@/lib/environment/api'
 import { workspaceCredentialKeys } from '@/hooks/queries/credentials'
@@ -39,7 +39,6 @@ export function useWorkspaceEnvironment<TData = WorkspaceEnvironmentData>(
     queryFn: ({ signal }) => fetchWorkspaceEnvironment(workspaceId, signal),
     enabled: !!workspaceId,
     staleTime: 60 * 1000, // 1 minute
-    placeholderData: keepPreviousData,
     ...options,
   })
 }
diff --git a/apps/sim/lib/core/security/input-validation.ts b/apps/sim/lib/core/security/input-validation.ts
@@ -1219,7 +1219,6 @@ const MICROSOFT_CONTENT_SUFFIXES = [
   '1drv.ms',
   '1drv.com',
   'microsoftpersonalcontent.com',
-  'smba.trafficmanager.net',
 ] as const
 
 /**
@@ -1229,8 +1228,7 @@ const MICROSOFT_CONTENT_SUFFIXES = [
  *
  * Covers SharePoint Online (commercial, GCC/GCC High/DoD, Germany, China),
  * OneDrive business and consumer, OneDrive short-link and CDN domains,
- * Microsoft personal content CDN, and the Azure Traffic Manager endpoint
- * used for Teams inline image attachments.
+ * and Microsoft personal content CDN.
  *
  * @see https://learn.microsoft.com/en-us/sharepoint/required-urls-and-ports
  * @see https://learn.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-u-s-government-gcc-high-endpoints

Original file line number	Diff line number	Diff line change
`@@ -210,7 +210,6 @@ export function SettingsSidebar({`
`210`	`210`	`if (section) {`
`211`	`211`	`router.replace(getSettingsHref({ section }), { scroll: false })`
`212`	`212`	`} else {`
`213`		`- // Triggered by the back button — no pending section was set`
`214`	`213`	router.push(popSettingsReturnUrl(`/workspace/${workspaceId}/home`))
`215`	`214`	`}`
`216`	`215`	`}, [confirmNavigation, router, getSettingsHref, popSettingsReturnUrl, workspaceId])`