Extension not available with virtual proxy (header auth)
I am having troubles with accessing extensions when I am accessing Qlik Sense via a virtual proxy which is using header authentication.
I first noticed this when using a mashup which is trying to embed qlik extensions into the page. In the console log I can see the following error (403 Forbidden):
From the error message I can see that the xrfkey of the GET request differs from the one which is used in the initial header authentication.
Here are the settings from QMC (virtual proxy):
I would assume that xrfkey is causing XSFR check failure, but I am not sure how to fix it.
In the actual authentication we are defining the X-Qlik-Xrfkey and other headers as supposed. The authentication is working properly. For some reason our mashup is using different xrfkey when trying to access extensions via qrs API.
Any ideas how to fix the issue?
here is the screenshot of the object from the hub (when using the same virtual proxy and header authentication):
I tested the call to .../qrs/extension/schema with postman simultaneously while having a session open (in my browser). The strange this is that my request works as long as I pass the same xrfkey as query parameter as I have in my open session (in browser). As soon as I change the xrfkey, I get error: XSRF prevention check failed. Possible XSRF discovered.
Here is also the screenshot from the postman:
Seems like I need to some how handle the xrfkey when my mashup is trying to access the extensions, but unfortunately the xrfkey is outside of my control?