Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refused to display 'https://login.microsoftonline.com/' in a frame because it set 'X-Frame-Options' to 'deny' #7458

Open
webelieve opened this issue Dec 11, 2024 · 1 comment
Open

Refused to display 'https://login.microsoftonline.com/' in a frame because it set 'X-Frame-Options' to 'deny' #7458

webelieve opened this issue Dec 11, 2024 · 1 comment
Labels
bug-unconfirmed A reported bug that needs to be investigated and confirmed msal-browser Related to msal-browser package msal-react Related to @azure/msal-react Needs: Attention 👋 Awaiting response from the MSAL.js team public-client Issues regarding PublicClientApplications question Customer is asking for a clarification, use case or information.

Comments

@webelieve
Copy link

webelieve commented Dec 11, 2024
edited
Loading

Core Library

MSAL.js (@azure/msal-browser)

Core Library Version

"react": "^18.2.0",

Wrapper Library

MSAL React (@azure/msal-react)

Wrapper Library Version

"react": "^18.2.0",

Public or Confidential Client?

Public

Description

Hi!

We have encountered issue on this error - Refused to display 'https://login.microsoftonline.com/' in a frame
because it set 'X-Frame-Options' to 'deny'. Could you please advise? Thank you!

When users logged in with multiple accounts https://myaccount.microsoft.com/, then try to access to our app.

Results:

Copy https://login.microsoftonline.com in a new tab, it takes the user to

MSAL Configuration

export const msalConfig: Msal.Configuration = {
  auth: {
    clientId: EnvironmentService.getAzureClientId(),
    redirectUri: `${window.location.origin}`,
    authority: `https://login.microsoftonline.com/getAzureTenantId()`
  },
  cache: {
    cacheLocation: "sessionStorage",
    storeAuthStateInCookie: true,
  }
}
@webelieve webelieve added bug-unconfirmed A reported bug that needs to be investigated and confirmed question Customer is asking for a clarification, use case or information. labels Dec 11, 2024
@github-actions github-actions bot added msal-browser Related to msal-browser package msal-react Related to @azure/msal-react public-client Issues regarding PublicClientApplications labels Dec 11, 2024
@microsoft-github-policy-service microsoft-github-policy-service bot added the Needs: Attention 👋 Awaiting response from the MSAL.js team label Dec 11, 2024
@webelieve
Copy link
Author

webelieve commented Dec 12, 2024
edited
Loading

@tnorling Hi Thomas, I noticed that you answered a previous post on this issue. I appreciate if you can assist. Thank you!

#2731

We are dealing with a scenario where multiple accounts are logged in simultaneously. How should we handle this? We want to authenticate the user after they select the their primary account and access our app, ensuring they see the same content as they only logged in using primary accounts. However, we are currently facing an issue where, after the user selecting their primary account from Azure logging popup window, our app encounters a “Refused to display 'https://login.microsoftonline.com/' in a frame because it set 'X-Frame-Options' to 'deny” error in the console log, though the user will not see unless they use DevTools to inspect. Is it possible to allow the user to log in silently even they logged by multiple accounts?

Please advise. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug-unconfirmed A reported bug that needs to be investigated and confirmed msal-browser Related to msal-browser package msal-react Related to @azure/msal-react Needs: Attention 👋 Awaiting response from the MSAL.js team public-client Issues regarding PublicClientApplications question Customer is asking for a clarification, use case or information.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@webelieve