https://community.qlik.com/t5/Integration-Extension-APIs/Qlik-Session-Cookie-proxy-embedding-Access-to-XMLHttpRequest-has/m-p/2162130#M19720 <P><a href="https://community.qlik.com/t5/user/viewprofilepage/user-id/173265">@rlesage</a>&nbsp;- have you also <A href="https://help.qlik.com/en-US/cloud-services/Subsystems/Hub/Content/Sense_Hub/Admin/mc-adminster-web-integrations.htm" target="_blank" rel="noopener">created a Web Integration</A> in your Qlik Cloud Console and set the appropriate <A href="https://qlik.dev/authenticate/content-security-policy/" target="_blank" rel="noopener">Content Security Policy</A>?</P> Tue, 16 Jan 2024 18:40:18 GMT jprdonnelly 2024-01-16T18:40:18Z https://community.qlik.com/t5/Integration-Extension-APIs/Qlik-Session-Cookie-proxy-embedding-Access-to-XMLHttpRequest-has/m-p/2161742#M19716 <P>Hi,</P> <P>I am embedding Qlik Cloud within an azure web app. I have used the tutorial from qlik.dev on session cookie proxies.&nbsp;<A href="https://qlik.dev/authenticate/jwt/jwt-proxy/quickstart-qlik-jwt-proxy/" target="_blank">https://qlik.dev/authenticate/jwt/jwt-proxy/quickstart-qlik-jwt-proxy/</A></P> <P>Unfortunately, after succesfully logging in via the third party authentication tool, I get this error:</P> <P>Access to XMLHttpRequest at '<A href="https://xxx.region.qlikcloud.com/resources/autogenerated/product-info.json" target="_blank">https://xxx.region.qlikcloud.com/resources/autogenerated/product-info.json</A>' (redirected from '<A href="https://webapp.azurewebsites.net/resources/autogenerated/product-info.json" target="_blank">https://webapp.azurewebsites.net/resources/autogenerated/product-info.json</A>') from origin '<A href="https://webapp.azurewebsites.net" target="_blank">https://webapp.azurewebsites.net</A>' has been blocked by CORS policy</P> <P>The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.</P> <P>This is my setCors function</P> <LI-CODE lang="markup">function setCors(res) { res.set('Access-Control-Allow-Origin', frontendUri) res.header('Access-Control-Allow-Origin', frontendUri) res.header('Access-Control-Allow-Credentials', 'true') res.set('Access-Control-Allow-Methods', 'GET, OPTIONS') res.set('Access-Control-Allow-Headers', 'Content-Type, x-proxy-session-id') res.set('Access-Control-Allow-Credentials', 'true') res.header('Access-Control-Allow-Credentials', 'true') }</LI-CODE> <DIV> <DIV>&nbsp;</DIV> </DIV> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Mon, 15 Jan 2024 18:28:56 GMT https://community.qlik.com/t5/Integration-Extension-APIs/Qlik-Session-Cookie-proxy-embedding-Access-to-XMLHttpRequest-has/m-p/2161742#M19716 rlesage 2024-01-15T18:28:56Z https://community.qlik.com/t5/Integration-Extension-APIs/Qlik-Session-Cookie-proxy-embedding-Access-to-XMLHttpRequest-has/m-p/2162130#M19720 <P><a href="https://community.qlik.com/t5/user/viewprofilepage/user-id/173265">@rlesage</a>&nbsp;- have you also <A href="https://help.qlik.com/en-US/cloud-services/Subsystems/Hub/Content/Sense_Hub/Admin/mc-adminster-web-integrations.htm" target="_blank" rel="noopener">created a Web Integration</A> in your Qlik Cloud Console and set the appropriate <A href="https://qlik.dev/authenticate/content-security-policy/" target="_blank" rel="noopener">Content Security Policy</A>?</P> Tue, 16 Jan 2024 18:40:18 GMT https://community.qlik.com/t5/Integration-Extension-APIs/Qlik-Session-Cookie-proxy-embedding-Access-to-XMLHttpRequest-has/m-p/2162130#M19720 jprdonnelly 2024-01-16T18:40:18Z https://community.qlik.com/t5/Integration-Extension-APIs/Qlik-Session-Cookie-proxy-embedding-Access-to-XMLHttpRequest-has/m-p/2162133#M19721 <P>The below link may also help:</P> <P><A href="https://community.qlik.com/t5/Official-Support-Articles/Mixed-Content-and-CORS-error-for-Access-Control-Allow-Origin/ta-p/1715904" target="_blank">Mixed Content and CORS error for Access-Control-Al... - Qlik Community - 1715904</A></P> Tue, 16 Jan 2024 18:50:19 GMT https://community.qlik.com/t5/Integration-Extension-APIs/Qlik-Session-Cookie-proxy-embedding-Access-to-XMLHttpRequest-has/m-p/2162133#M19721 Ray_Strother 2024-01-16T18:50:19Z https://community.qlik.com/t5/Integration-Extension-APIs/Qlik-Session-Cookie-proxy-embedding-Access-to-XMLHttpRequest-has/m-p/2162257#M19723 <P>Hi,<BR />Yes I have done that.<BR />Thanks anyway!</P> Wed, 17 Jan 2024 07:09:03 GMT https://community.qlik.com/t5/Integration-Extension-APIs/Qlik-Session-Cookie-proxy-embedding-Access-to-XMLHttpRequest-has/m-p/2162257#M19723 rlesage 2024-01-17T07:09:03Z