When trying to add an ASPX page to a SharePoint Document Library on a root site in a site collection, you may see the following error:
Sorry, your files couldn't be uploaded. The upload might be too large or the server might be experiencing high network traffic.
You will also encounter the error in the following scenarios:
- SSSC - On Site Collections created with the Self Service Site Creation (SSSC) SharePoint feature.
- Auto-provisioned Root Site Collection - the root Site Collection provisioned when the tenant was provisioned will have Custom Script blocked and will result in the error.
Site Collections created by a user with the Admin Console in Office 365 have Custom Scripts enabled by default - no error occurs in this case.
Microsoft has implemented security changes disabling scripting on a Site Collection, this is a protection mechanism to ensure users do not do anything malicious to the Host Site Collection. The security changes prevent uploading of scripts and will cause the error if you try uploading an ASPX file.
Another way of recognizing this issue is receiving the Manage / Limited Rights warning when configuring K2 Server settings during registration, as seen in the image below.
Or you may have a different warning in this application section, such as the following:
The application does not have permissions to upload pages for rendering SmartForms in SharePoint. Click here to temporarily allow the application to upload these pages.
Because of Common Consent, Application Rights should always be Full Control, seeing the warning shown above indicates the right to run custom scripts on personal sites is revoked. You can click on the link in the warning to temporarily workaround the issue, or see Workaround below for a permanent solution.
You can also test this by logging into the SharePoint site as the K2 service account and then attempting to upload a file to the K2Pages folder. This results in an error such as the following:
Access Denied: Before opening files in this location, you must first add the web site to your trusted sites list, browse to the web site, and select the option to login automatically.
The security change removes AddAndCustomizePages rights from all users. You can re-enable these rights through Tenant Administration by navigating to SharePoint Admin Center > Settings then browse down the page to the Custom Script area and changing the options as in the image below.
||Note that this change might take up to 24 hours to take effect.
Once the registration wizard has succeeded on the root Site Collection, you should change the settings back to reinstate the security.
To do this using the SharePoint Online Management Shell and not have to wait 24 hours, run the following PowerShell script. For more information see https://support.office.com/en-sg/article/Turn-scripting-capabilities-on-or-off-1f2c515f-5d7e-448a-9fd7-835da935584f
Connect-SPOService -Url https://yourtenant-admin.sharepoint.com -credential firstname.lastname@example.org
Get-SPOSite -Identity https://yourtenant.sharepoint.com | fl *
Set-SPOSite -Identity https://yourtenant.sharepoint.com -DenyAddAndCustomizePages 0