Azure AD B2C Embedded sign-in is not working in Safari

Sahil Shah 26 Reputation points

I have enabled JourneyFraming in custom policy as described here:

      <JourneyInsights TelemetryEngine="ApplicationInsights" InstrumentationKey="xxxxx" DeveloperMode="true" ClientEnabled="false" ServerEnabled="true" TelemetryVersion="1.0.0" />
      <JourneyFraming Enabled="true" Sources=" https://localhost:50000" />

The embedded iframe loads fine in Chrome, but fails to load in Safari.

Getting the following error in the console: "Invalid 'X-Frame-Options' header encountered when loading <b2c_page_url>: ALLOW-FROM <url> is not a recognized directive. The header will be ignored."

Any idea what could be missing for Safari?


Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.

1 answer

  1. Shweta Mathur 19,626 Reputation points Microsoft Employee

    Hi @Sahil Shah ,

    Thanks for reaching out.

    This is expected as Safari does not support the ALLOW-FROM directive.

    Instead, you can use the Content-Security-Policy header to control framing. You can set the Content-Security-Policy header to frame-ancestors to allow framing from specific sources.

    To allow your Azure AD B2C user interface to be embedded in an iframe, a content security policy (Content-Security-Policy) and frame options (X-Frame-Options) must be included in the Azure AD B2C HTTP response headers.

    Hope this will help.



    Please remember to "Accept Answer" if the answer helped you.
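
As an added example, not part of the answer above and not Microsoft's code: how a browser that does not recognize ALLOW-FROM decides framing from the two headers the answer names. The function names, the lowercase header keys and the `login.example` host are assumptions made for illustration; `https://localhost:50000` is the source from the question.

```javascript
// Added example. Simplified matching: 'none', 'self', *, and
// scheme://host[:port] with optional "*." prefix; one direct embedder only.
function frameAncestors(csp) {
  // Source list of the frame-ancestors directive, or null when absent.
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null;
}

function sourceMatches(source, embedder, pageOrigin) {
  const target = new URL(embedder);
  if (source === "*") return true;
  if (source.toLowerCase() === "'self'") return target.origin === pageOrigin;
  const m = /^(https?):\/\/(\*\.)?([^:\/]+)(?::(\d+))?$/i.exec(source);
  if (!m) return false; // 'none' and unsupported forms match nothing
  const scheme = m[1].toLowerCase(), host = m[3].toLowerCase();
  const defaultPort = scheme === "https" ? "443" : "80";
  const hostOk = m[2] ? target.hostname.endsWith("." + host) : target.hostname === host;
  return target.protocol === scheme + ":" && hostOk &&
    (target.port || defaultPort) === (m[4] || defaultPort);
}

function canFrame(headers, pageUrl, embedder) {
  const pageOrigin = new URL(pageUrl).origin;
  const sources = frameAncestors(headers["content-security-policy"]);
  if (sources !== null) {
    // frame-ancestors is present, so it decides and X-Frame-Options is skipped.
    const allowed = sources.some((s) => sourceMatches(s, embedder, pageOrigin));
    return { allowed, decidedBy: "frame-ancestors" };
  }
  const xfo = (headers["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return { allowed: false, decidedBy: "x-frame-options" };
  if (xfo === "SAMEORIGIN")
    return { allowed: new URL(embedder).origin === pageOrigin, decidedBy: "x-frame-options" };
  // ALLOW-FROM is not recognized: header ignored, so framing is unrestricted.
  return { allowed: true, decidedBy: xfo ? "x-frame-options ignored" : "no header" };
}

// Constructed sample responses (not captured from a real tenant).
const PAGE = "https://login.example/authorize";
const APP = "https://localhost:50000";
const legacyOnly = { "x-frame-options": "ALLOW-FROM https://localhost:50000" };
const both = {
  "content-security-policy": "default-src 'self'; frame-ancestors https://localhost:50000",
  "x-frame-options": "ALLOW-FROM https://localhost:50000",
};
console.log(canFrame(both, PAGE, APP), canFrame(legacyOnly, PAGE, "https://other.example"));
```

With only the ALLOW-FROM header, the check reports framing as allowed for any embedder, so the restriction to the intended source has to come from `frame-ancestors`.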