Azure AD B2C branding logo blocked by CSP

Question

Azure AD B2C branding logo blocked by CSP

Brent Young 25

So we have successfully setup a registered application in Microsoft Azure Entra ID as an Azure AD B2C application. There is a branding section on the management page for the registered application where you can add a logo with some specs (50x50, transparent png). All of the setup seems to have gone well and saved, however when a user goes to log in to the app through oAuth, the logo that we uploaded in the branding section of the registered application is blocked by a CSP present in the login flow. We are new to Azure so grasping at straws a little, but we've looked around for somewhere to modify the CSP but haven't found somewhere. Note: we are not using any custom flows, we've only filled in the fields present in that branding tab.

Screenshot 2025-03-14 at 2.34.17 PM

Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator

2025-03-18T22:17:53.0366667+00:00

@Brent Young
we are check this internally and will get back to you further inputs. In the meanwhile, May I know which tenant you are using is it Entra ID, External ID or Azure AD B2C? can you please share the Har file by following Capture a browser trace for troubleshooting. Please check the private message how to send the file.
Brent Young 25 Reputation points

2025-03-18T23:16:21.1066667+00:00

We are using Azure AD B2C (Tenant = Default Directory).

For additional reference, the individual application registration within that tenant I've been testing is the Prophia Abstract Dev tenant, where you can view the logo upload in the branding tab.

Ill work on providing the other requested resources momentarily.
Grant Zhao 0 Reputation points

2025-03-19T14:13:39.0433333+00:00

We are having the same issue, looks like a misconfiguration of the CSP from microsoft side

Update:1 Refused to load the image 'https://aadcdn.msftauthimages.net/dbd5a2dd-xh1kkyjdv7iwjh1ov9bylhaws0z-uq7uncir1u9atnm/appbranding/pplvnhklxbc8b4thqrad67ngjl1-yf3awhfctyjvmey/1033/bannerlogo?ts=638779899686154914' because it violates the following Content Security Policy directive: "img-src 'self' https://logincdn.msauth.net https://logincdn.msftauth.net https://lgincdnvzeuno.azureedge.net https://lgincdnmsftuswe2.azureedge.net https://acctcdn.msauth.net https://acctcdn.msftauth.net https://.microsoft.com https://.office.net https://.bing.com https://.sharepointonline.com https://js.monitor.azure.com https://*.live.com 'report-sample'".

Accepted answer

0 additional answers

Your answer

Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator

2025-03-18T22:17:53.0366667+00:00

@Brent Young
we are check this internally and will get back to you further inputs. In the meanwhile, May I know which tenant you are using is it Entra ID, External ID or Azure AD B2C? can you please share the Har file by following Capture a browser trace for troubleshooting. Please check the private message how to send the file.
Brent Young 25 Reputation points

2025-03-18T23:16:21.1066667+00:00

We are using Azure AD B2C (Tenant = Default Directory).

For additional reference, the individual application registration within that tenant I've been testing is the Prophia Abstract Dev tenant, where you can view the logo upload in the branding tab.

Ill work on providing the other requested resources momentarily.
Grant Zhao 0 Reputation points

2025-03-19T14:13:39.0433333+00:00

We are having the same issue, looks like a misconfiguration of the CSP from microsoft side

Update:1 Refused to load the image 'https://aadcdn.msftauthimages.net/dbd5a2dd-xh1kkyjdv7iwjh1ov9bylhaws0z-uq7uncir1u9atnm/appbranding/pplvnhklxbc8b4thqrad67ngjl1-yf3awhfctyjvmey/1033/bannerlogo?ts=638779899686154914' because it violates the following Content Security Policy directive: "img-src 'self' https://logincdn.msauth.net https://logincdn.msftauth.net https://lgincdnvzeuno.azureedge.net https://lgincdnmsftuswe2.azureedge.net https://acctcdn.msauth.net https://acctcdn.msftauth.net https://.microsoft.com https://.office.net https://.bing.com https://.sharepointonline.com https://js.monitor.azure.com https://*.live.com 'report-sample'".

Answer 1

Raja Pothuraju 24,785 Microsoft External Staff Moderator

Hello @Brent Young,

Apologies for the delay.

Our engineering PG team has identified the root cause and deployed a fix to production.

I’ve just verified the consent screen by logging in with a personal Microsoft account, and the branding logo is now displaying correctly without any broken image issues. Please refer the below screenshot.

User's image

Could you please check on your end to confirm if the consent screen is now showing the expected behavior? If you’re still seeing a broken image, feel free to let me know, and I’ll follow up with the engineering team.

Brent Young 25 Reputation points

2025-04-09T07:21:41.5166667+00:00

Using an incognito window to avoid any cached responses I do get the proper image in the sign on flow now. Thanks for the help
Raja Pothuraju 24,785 Reputation points Microsoft External Staff Moderator

2025-04-09T07:44:30.9033333+00:00

Hello @Brent Young,

Thank you for your response and confirming that you are able to see the branding logo on consent screen.

If all your concerns have been resolved, I would greatly appreciate it if you could mark the answer as "Accepted." This helps both us and others in the community.

Share via

Azure AD B2C branding logo blocked by CSP

0 additional answers

Your answer