Forum Discussion
'X-Frame-Options: DENY' Error During SSO Authentication in an iFrame
Hi All,
Currently, we're in the process of integrating Single Sign-On (SSO) functionality into our React/Typescript based iframe web application, which operates within an iframe.
For user authentication, we're utilizing Azure AD B2C, while AWS Cognito serves as our internal database for user data management. During development, within the iframe environment, we successfully implemented SSO login without any issues. However, upon deployment of our iframe application into the parent web application, we encountered an obstacle when trying to initiate the SSO login process. Specifically, we received the error message:
"Refused to display 'https://test.b2clogin.com/' in a frame because it set 'X-Frame-Options' to 'deny'."
Upon investigation, it became apparent that the 'X-Frame-Options' header for 'https://test.b2clogin.com/' is configured to 'deny', thereby preventing its display within iframes. Are there any potential solutions or workarounds for this issue?
We got stucked in the issue for some day, and can't find any potential fixes
Thanks for your help in Advance!
1 Reply
Prasad_Das-MSFTMicrosoft
Rajnivas_Thiyagarajan - The response header you are getting back from 'https://test.b2clogin.com/' does not allow the browser to render it inside an
<iframe>element.Take a look at the
X-Frame-Optionsheader: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-OptionsThanks,
Prasad Das
------------------------------------------------------------------------------------------
If the response is helpful, please click "**Mark as Best Response**" and like it. You can share your feedback via Microsoft Teams Developer Feedback link. Click here to escalate.