'X-Frame-Options: DENY' Error During SSO Authentication in an iFrame


Hi All,

Currently, we're in the process of integrating Single Sign-On (SSO) functionality into our React/Typescript based iframe web application, which operates within an iframe.
For user authentication, we're utilizing Azure AD B2C, while AWS Cognito serves as our internal database for user data management. During development, within the iframe environment, we successfully implemented SSO login without any issues. However, upon deployment of our iframe application into the parent web application, we encountered an obstacle when trying to initiate the SSO login process. Specifically, we received the error message:
"Refused to display 'https://test.b2clogin.com/' in a frame because it set 'X-Frame-Options' to 'deny'."
Upon investigation, it became apparent that the 'X-Frame-Options' header for 'https://test.b2clogin.com/' is configured to 'deny', thereby preventing its display within iframes. Are there any potential solutions or workarounds for this issue?

We have been stuck on this issue for some days and can't find any potential fixes.

Thanks for your help in advance!





1 Reply

@Rajnivas_Thiyagarajan - The response header you are getting back from 'https://test.b2clogin.com/' does not allow the browser to render it inside an <iframe> element.

Take a look at the X-Frame-Options header: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options





Prasad Das


If the response is helpful, please click "**Mark as Best Response**" and like it. You can share your feedback via Microsoft Teams Developer Feedback link. Click here to escalate.
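
As an added example (not part of either post above and not Microsoft's code), here is a simplified JavaScript model of the framing check the reply describes, including the rule that a CSP `frame-ancestors` directive, when present, takes precedence over `X-Frame-Options`. The function names, the parent origin `https://parent.example` and the host `idp.example` are assumptions made for illustration; only the immediate parent is checked, and ports, paths and scheme-only sources are not handled.

```javascript
// Simplified model of how a browser decides whether a response may render in a frame.
// Only the immediate parent is checked; real browsers check every ancestor frame.
function framingDecision(responseUrl, headers, parentOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const selfOrigin = new URL(responseUrl).origin;

  // CSP frame-ancestors, when present, takes precedence over X-Frame-Options.
  const csp = h["content-security-policy"] || "";
  const directive = csp.split(";").map((d) => d.trim().split(/\s+/))
    .find((d) => d[0].toLowerCase() === "frame-ancestors");
  if (directive) {
    // An empty source list behaves like 'none': some() over [] is false.
    const ok = directive.slice(1)
      .some((s) => sourceMatches(s, parentOrigin, selfOrigin));
    return { allowed: ok, by: "frame-ancestors" };
  }

  const xfo = (h["x-frame-options"] || "").trim().toLowerCase();
  if (xfo === "deny") return { allowed: false, by: "x-frame-options" };
  if (xfo === "sameorigin")
    return { allowed: parentOrigin === selfOrigin, by: "x-frame-options" };
  return { allowed: true, by: "none" }; // absent or unrecognised value: no restriction
}

// Matches one frame-ancestors source expression against the parent origin.
function sourceMatches(source, parentOrigin, selfOrigin) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return parentOrigin === selfOrigin;
  if (s === "*") return true;
  const parent = new URL(parentOrigin);
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)$/);
  if (!m) return false; // ports, paths and scheme-only sources are not modelled
  const [, scheme, wildcard, host] = m;
  if (scheme && scheme + ":" !== parent.protocol) return false;
  return wildcard ? parent.hostname.endsWith("." + host) : parent.hostname === host;
}

// Constructed input reproducing the header value from the error message in the question.
console.log(framingDecision("https://test.b2clogin.com/",
  { "X-Frame-Options": "deny" }, "https://parent.example"));
```

With `DENY` the result is blocked for every parent origin, which is why the login page renders in a top-level window or popup but not inside the embedded application.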