Forum Discussion
Azure B2C in a frame because it set 'X-Frame-Options' to 'deny'.
Hi ThusharaManchanayake, Sayali-MSFT,
Have you found the issue and rectified it?
Currently, we're in the process of integrating Single Sign-On (SSO) functionality into our React/TypeScript-based iframe web application, which operates within an iframe.
For user authentication, we're utilizing Azure AD B2C, while AWS Cognito serves as our internal database for user data management. During development, within the iframe environment, we successfully implemented SSO login without any issues. However, upon deployment of our iframe application into the parent web application, we encountered an obstacle when trying to initiate the SSO login process. Specifically, we received the error message:
"Refused to display 'https://test.b2clogin.com/' in a frame because it set 'X-Frame-Options' to 'deny'."
Upon investigation, it became apparent that the 'X-Frame-Options' header for 'https://test.b2clogin.com/' is configured to 'deny', thereby preventing its display within iframes. Are there any potential solutions or workarounds for this issue?
We got stuck on the issue for some days and can't find any potential fixes.
But we found your related threads having the same cause.
Thanks for your help in advance!
- Thushara_M, Apr 24, 2024, Copper Contributor
  Sorry, I didn't find any solution yet. Our task was deprioritized.
- Sayali-MSFT, Jul 29, 2024, Microsoft
  The issue you're facing with Azure AD B2C’s X-Frame-Options header is a common one when trying to integrate SSO solutions within iframes. The X-Frame-Options header is used to prevent clickjacking attacks by controlling whether a page can be displayed in an iframe, frame, or object. Since Azure AD B2C sets X-Frame-Options to deny, it prevents your application from embedding the authentication page in an iframe. Unfortunately, you won't be able to modify Azure AD B2C’s response headers directly because it is managed by Microsoft.
  Please check this documentation: Azure AD B2C documentation on handling SSO within iframes.
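The answer above describes how X-Frame-Options decides whether a page may be shown in a frame. The TypeScript below is an added example, not code from this thread or from Microsoft: it reproduces that browser decision from a response's headers so a team can check an identity provider's framing policy before building an iframe flow, and it goes beyond the thread's deny case to cover SAMEORIGIN and the Content-Security-Policy frame-ancestors directive, which browsers apply in preference to X-Frame-Options. All URLs and header values in it are constructed samples.

```typescript
// Added example (not from the thread): reproduce the browser's framing decision
// from response headers. Precedence mirrors browsers: a CSP frame-ancestors
// directive wins over X-Frame-Options; otherwise DENY blocks every embedder and
// SAMEORIGIN allows only the page's own origin.

type HeaderMap = Record<string, string>;

function originOf(url: string): string {
  const u = new URL(url);
  return `${u.protocol}//${u.host}`;
}

// Does one frame-ancestors source expression match the embedding origin?
function sourceMatches(src: string, embedder: string, self: string): boolean {
  const s = src.replace(/^'|'$/g, "").toLowerCase();
  if (s === "none") return false;
  if (s === "self") return embedder === self;
  if (s === "*") return true;
  if (s.endsWith(":")) return embedder.startsWith(s); // scheme source, e.g. https:
  const e = new URL(embedder);
  let scheme = e.protocol; // host-only sources inherit the embedder's scheme
  let host = s;
  const i = s.indexOf("://");
  if (i >= 0) { scheme = s.slice(0, i) + ":"; host = s.slice(i + 3); }
  if (scheme !== e.protocol) return false;
  if (host.startsWith("*.")) return e.host.endsWith(host.slice(1)); // wildcard subdomain
  return e.host === host;
}

// True if pageUrl, served with these headers, may be framed by embedderOrigin.
function canBeFramed(pageUrl: string, headers: HeaderMap, embedderOrigin: string): boolean {
  const h: HeaderMap = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v; // header names are case-insensitive
  const self = originOf(pageUrl);

  const csp = h["content-security-policy"] ?? "";
  const fa = csp.split(";").map(d => d.trim()).find(d => d.toLowerCase().startsWith("frame-ancestors"));
  if (fa) {
    const sources = fa.split(/\s+/).slice(1);
    return sources.some(src => sourceMatches(src, embedderOrigin, self));
  }

  const xfo = (h["x-frame-options"] ?? "").trim().toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return embedderOrigin === self;
  return true; // no recognised framing restriction advertised
}

// Constructed sample: the header the thread reports from the B2C login page.
const b2cHeaders: HeaderMap = { "X-Frame-Options": "deny" };
console.log(canBeFramed("https://test.b2clogin.com/", b2cHeaders, "https://parent.example.com")); // false
```

A false result for the identity provider's login URL means the sign-in must happen via a top-level redirect or a popup window rather than inside the embedded application.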