https://community.qlik.com/t5/App-Development/API-error-response-return-internal-host-name-instead-of-web/m-p/1995224#M82373 <P>Hello dear Qlik specialists!</P> <P>We in company have no previous experience with Qlik Analytics Platform (QAP), yes it is same old Qlik Sense Enterprise with some limited and some added functionality, but still, there might be some differences in setting details and as problems we are experiencing with QAP, decided to ask someone of you, maybe you will have some ideas on problem described below.</P> <P>Situation:</P> <P>Penetration test on our QAP setup was performed (by external auditor) and <SPAN>security vulnerability&nbsp;</SPAN>issues were found on error handling.</P> <P>Test case:</P> <P>When making API call to host <STRONG>companywebaddress.com</STRONG> (*1 in picture) with GET method api/hub/v1/streams/ &nbsp;with knowingly added redundant specific symbols <STRONG>"%00"</STRONG> (*2 in picture) to the stream id, like <EM>some-long-and-complicated-stream-id%00</EM>, the error response of the call return internal host name <STRONG>SOMEHOSTNAME.dmzad.local</STRONG> with added port (*3 in picture), like</P> <P><EM>"Error requesting "<A href="https://SOMEHOSTNAME.dmzad.local:4242/qrs/stream/some-long-and-complicated-stream-id\" target="_blank" rel="noopener">https://SOMEHOSTNAME.dmzad.local:4242/qrs/stream/some-long-and-complicated-stream-id\</A>u0000\" - TypeError ...".</EM></P> <P>Screenshot is attached to post, I guess this will make description of test case more clearer, sorry, addresses/names in screenshot hidden, of course. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P>Any idea how in the response output get <STRONG>companywebaddress.com</STRONG> instead of <STRONG>SOMEHOSTNAME.dmzad.local:4242</STRONG>?</P> <P>Is this a QAP (Qlik Sense) setup/configuration issue, or this is how it is built and should work?</P> <P>Thank you in advance.</P> Thu, 20 Oct 2022 19:03:25 GMT sdcentre 2022-10-20T19:03:25Z https://community.qlik.com/t5/App-Development/API-error-response-return-internal-host-name-instead-of-web/m-p/1995224#M82373 <P>Hello dear Qlik specialists!</P> <P>We in company have no previous experience with Qlik Analytics Platform (QAP), yes it is same old Qlik Sense Enterprise with some limited and some added functionality, but still, there might be some differences in setting details and as problems we are experiencing with QAP, decided to ask someone of you, maybe you will have some ideas on problem described below.</P> <P>Situation:</P> <P>Penetration test on our QAP setup was performed (by external auditor) and <SPAN>security vulnerability&nbsp;</SPAN>issues were found on error handling.</P> <P>Test case:</P> <P>When making API call to host <STRONG>companywebaddress.com</STRONG> (*1 in picture) with GET method api/hub/v1/streams/ &nbsp;with knowingly added redundant specific symbols <STRONG>"%00"</STRONG> (*2 in picture) to the stream id, like <EM>some-long-and-complicated-stream-id%00</EM>, the error response of the call return internal host name <STRONG>SOMEHOSTNAME.dmzad.local</STRONG> with added port (*3 in picture), like</P> <P><EM>"Error requesting "<A href="https://SOMEHOSTNAME.dmzad.local:4242/qrs/stream/some-long-and-complicated-stream-id\" target="_blank" rel="noopener">https://SOMEHOSTNAME.dmzad.local:4242/qrs/stream/some-long-and-complicated-stream-id\</A>u0000\" - TypeError ...".</EM></P> <P>Screenshot is attached to post, I guess this will make description of test case more clearer, sorry, addresses/names in screenshot hidden, of course. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P>Any idea how in the response output get <STRONG>companywebaddress.com</STRONG> instead of <STRONG>SOMEHOSTNAME.dmzad.local:4242</STRONG>?</P> <P>Is this a QAP (Qlik Sense) setup/configuration issue, or this is how it is built and should work?</P> <P>Thank you in advance.</P> Thu, 20 Oct 2022 19:03:25 GMT https://community.qlik.com/t5/App-Development/API-error-response-return-internal-host-name-instead-of-web/m-p/1995224#M82373 sdcentre 2022-10-20T19:03:25Z