Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
InsecureRequestWarning: Unverified HTTPS request is being made to host 'analytics.mycompany.com'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
InsecureRequestWarning,
127.0.0.1 - - [13/Jul/2023 11:00:28] "GET / HTTP/1.1" 200 -
QPS_API_URL https://analytics.mycompany.com:4243/qps/testmashup/ticket?xrfkey=123456789abcdef
ticket: XSRF prevention check failed. Possible XSRF discovered.
response: <Response [403]>
response.reason: Forbidden
from flask import Flask, render_template_string
import requests
app = Flask(__name__)
QLIK_SENSE_SERVER_DOMAIN='analytics.mycompany.com'
USER_DIRECTORY = 'MYCOMPANYAD'
USER_ID = 'myuser' # Root Admin user
XRF_KEY = '123456789abcdefg' # You can change this
PROXY_PREFIX = 'testmashup' # Your virtual proxy prefix
QPS_API_URL = f"https://{QLIK_SENSE_SERVER_DOMAIN}:4243/qps/{PROXY_PREFIX}/ticket?xrfkey={XRF_KEY}"
QPS_HEADERS = {
'content-type': 'application/json',
'X-Qlik-xrfkey': XRF_KEY,
'X-Qlik-user': f'UserDirectory={USER_DIRECTORY};UserId={USER_ID}'
}
assert len(XRF_KEY)==16, f'''XRF_KEY ERROR. XRF_KEY={XRF_KEY} len={len(XRF_KEY)}
XRF_KEY must be alphanumeric and 16 characters length.
See https://community.qlik.com/t5/Integration-Extension-APIs/403-XSRF-when-calling-QPS-API-iframe-mashup-code-using-python/m-p/2093779/highlight/true#M18855 '''
MASHUP_URL = f"https://{QLIK_SENSE_SERVER_DOMAIN}/{PROXY_PREFIX}/extensions/TestMashup/TestMashup.html"
@app.route('/')
def serve_page():
ticket = get_ticket(USER_DIRECTORY, USER_ID)
iframe_src=f"{MASHUP_URL}?QlikTicket={ticket}"
html = f"""<!DOCTYPE html>
<html style="height: 100%;">
<body>
<iframe src="{iframe_src}" frameborder="0" scrolling="yes" seamless="seamless" style="display:block; width:100%; height:100vh;"></iframe>
</html>"""
return render_template_string(html)
def get_ticket(user_directory, user_id):
payload = {
"UserDirectory": user_directory,
"UserId": user_id,
"Attributes": []
# "TargetId": targetId, # what is actually this targetId ???
}
response = requests.post(QPS_API_URL, headers=QPS_HEADERS, json=payload, \
cert=(r'client.pem', \
r'client.pem'), \
verify=False)
# response.raise_for_status() # Raises stored HTTPError, if one occurred.
ticket = response.text
print("QPS_API_URL", QPS_API_URL)
print("ticket: ", ticket)
print("response: ", response)
print("response.reason: ", response.reason)
return ticket
if __name__ == "__main__":
app.run(port=8080)
Hello @virilo_tejedor
Hello @virilo_tejedor
Yes, I changed the XRF_KEY to be 16 character length and it worked like a charm.
I marked your answer as the solution, and modified the code with an assertion, so other people will be able to reuse this code without stumbling with the same issue.
BTW, I checked also that after cleaning qliksense cookies, it doesn't show the mashup. It shows an squared icon (with an X inside) instead.
Thanks a lot @Damien_V for your help, and for the clarification regarding the TargetId parameter.