cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Refused to display ‘login.microsoftonline…’ in a frame because it set ‘X-Frame-Options’ to ‘deny'

pkulla
Copper Contributor

‎Jan 22 2020 05:52 AM - edited ‎Jan 22 2020 05:54 AM

‎Jan 22 2020 05:52 AM - edited ‎Jan 22 2020 05:54 AM

Refused to display ‘login.microsoftonline…’ in a frame because it set ‘X-Frame-Options’ to ‘deny'

I’m currently trying to implement my website into Microsoft Teams. For that I’ve made a custom app with App Studio. In that app I have a tab to direct to my website. This website has a button that executes a code in which it tries to authContext.login(), which causes the site to direct to the microsoft login and back to the redirect.

In web browsers (Firefox, Chrome, Edge) it works fine. But when I try to use authContext.login() in the Teams Desktop Client I get this error in the DevTools console (Due to security concerns I’ve changed some of the hexcode for this post):

Refused to display https://login.microsoftonline.com/common/oauth2/authorize?response_type=id_token&client_id=1904f197-...' in a frame because it set 'X-Frame-Options' to 'deny'.

The website gets displayed until the button with authContext.login() is executed, then it vanishes and the error is thrown.

 

This is a code snippet of my button:

 

<!--- Import packages for authentication information in Teams/Azure --->
<script src="<a href="<a href="https://secure.aadcdn.microsoftonline-p.com/lib/1.0.15/js/adal.min.js" target="_blank">https://secure.aadcdn.microsoftonline-p.com/lib/1.0.15/js/adal.min.js</a>" target="_blank"><a href="https://secure.aadcdn.microsoftonline-p.com/lib/1.0.15/js/adal.min.js</a" target="_blank">https://secure.aadcdn.microsoftonline-p.com/lib/1.0.15/js/adal.min.js</a</a>>"  crossorigin="anonymous"></script>

...

function loginO365() {
    let config = {
        clientId: "190af997-d6f8-4730-9462-e13dee41d451",
        redirectUri: "#application.gc_app_rootURL#", // same URL as redirect in error and Azure app
        cacheLocation: "localStorage",
        navigateToLoginRequestUrl: true,
    };

    let authContext = new AuthenticationContext(config);
    let isCallback = authContext.isCallback(window.location.hash);
    authContext.handleWindowCallback();
    authContext.login(); // causes error
}

 

 

My questions:

  1. What causes this?
  2. Why does it not happen in web browsers?
  3. How do I fix it?

 

Attention: I'm aware that you should not repost. But since this post got no attention on stack I posted it here. (To the original Stackoverflow Post )

Labels:
20.8K Views
1 Like
4 Replies
Reply
4 Replies
cpttony

‎Apr 24 2023 06:54 AM

‎Apr 24 2023 06:54 AM

Re: Refused to display ‘login.microsoftonline…’ in a frame because it set ‘X-Frame-Options’ to ‘deny

@pkullaAny luck with this issue? I'm facing the same problem with some users. It works just fine with others.

0 Likes
Reply
RayChien

‎May 10 2023 08:29 PM

‎May 10 2023 08:29 PM

Re: Refused to display ‘login.microsoftonline…’ in a frame because it set ‘X-Frame-Options’ to ‘deny

Check the cookie setting in their browser to make sure the cookie of login.microsoftonline.com is not blocked.
This post may help...
https://learn.microsoft.com/en-us/answers/questions/957121/login-microsoftonline-com-refused-to-conn...
0 Likes
Reply
ThusharaManchanayake

‎May 14 2023 10:51 PM

‎May 14 2023 10:51 PM

Re: Refused to display ‘login.microsoftonline…’ in a frame because it set ‘X-Frame-Options’ to ‘deny

I'm having a similar problem with Azure B2C. Allowing all cookies does not solve the problem for me. These authentication providers appear to have been configured to block loading via IFrame, over which we have no control. Could someone please correct me if I'm mistaken?
0 Likes
Reply