Content Security Policy blocks silent authentication iframes
6When using ssoSilent flow, MSAL loads the redirect URI in an invisible iframe. Content security policies or HTTP headers on the redirect URI page can block this iframe from loading, preventing silent SSO.
configMSAL.jsCSPOAuth 2.0