Hi,
I am trying to embed some graphs from Qlik Sense authenticating through a virtual proxy with JWT which was working perfectly until now. This is my HTML code that embeds the graph:

<html>
    <script>
        var xhr = new XMLHttpRequest();
        var token = '<jwt token>'

        xhr.open('GET', 'https://bi.dglserv.com.br/jwt/single/?appid=39119e36-67e8-42bc-b94e-d2d2f7471a39&obj=HKjPDJ&theme=horizon&opt=ctxmenu,currsel');
        xhr.onreadystatechange = handler;
        xhr.responseType = 'blob';
        xhr.setRequestHeader('Authorization', 'Bearer ' + token);
        xhr.setRequestHeader('Access-Control-Allow-Origin', '*');
        xhr.send();

        function handler() {
        if (this.readyState === this.DONE) {
            if (this.status === 200) {
            // this.response is a Blob, because we set responseType above
            var data_url = URL.createObjectURL(this.response);
            document.getElementById('test').src=data_url;
            } else {
            console.error('no pdf :(');
            }
        }
        }
    </script>
    <body>
        <iframe id="test" src="" style="border:none;width:100%;height:100%;"></iframe>
    </body>
</html>

And these are the setting from my virtual proxy:

However I am getting a 403 (untrusted http origin header scheme is not allowed) error when loading the page:

Did anybody else have this problem? How did you fix it?