Skip to main content
Announcements
Join us at Qlik Connect for 3 magical days of learning, networking,and inspiration! REGISTER TODAY and save!
cancel
Showing results for 
Search instead for 
Did you mean: 
Not applicable

Issue with custom proxy and iOS

Hello,

Our setup is a Qlik Sense server and we have a virtual proxy where the "authentication module redirect URI" is pointing to a node.js server (HTTP) which is using the qlik-auth (qlik-auth) node.js module to handle authentication with tickets.

We have a web application which is linking to some qlik reports directly in the HUB, so the link to a qlik report would look like:

http://qlikserver/proxyname/sense/app/appid/sheet/sheetid/state/analysis

This works very well when we use a Desktop browser to access our web application, but when we use an iPad (4th gen, iOS 10.3.1), our authentication server is flooded with requests and the http headers contain a "Upgrade-Insecure-Requests: 1" header field. I'm aware that iOS does not like unsigned https requests and will block them, but as I understand the qlik authentication API, it is only the path between the auth server and the qlik proxy which is using HTTPS (the qps auth api).

When I examine the requests, the same targetId sometimes appear (guess that is pointing to some resource that was requested by the client?) and sometimes the qlik proxy will respond with a "Specified targeted was not valid!". I have also noticed that the "Referer" http header is sometimes the URL of my web app client and other times it will be the URL of the qlik report that I am requesting.

I don't understand why we get so many requests on our auth server and I dont understand why this does not work on the iPad. Maybe someone can clarify and point out what we are doing wrong? We are also getting reports from our users that it does not work on other tablets (samsung/android) as well and I am guessing that it is the same issue.

I have tried setting up our authentication server on HTTPS with a valid certificate and access the qlik reports via HTTPS as well, and then it all works as expected.

Hopefully someone can shed some light of what the problem is?

Thanks,

Rasmus

2 Replies
Not applicable
Author

I have noticed that when I make a request to a qlik report, it will go through the auth server and then I will get a ticket id and then the report is requested again, now with the qlikTicket url parameter attached. But requests to resources after that does not contain the qlikTicket parameter. They only have a large number, which I assume to be a timestamp?? It looks something like this:

URLProtocolMethodResultTypeReceivedTakenInitiatorWait‎‎Start‎‎Request‎‎Response‎‎Cache read‎‎Gap‎‎
1https://HOST/custom/sense/app/b814bd91-78a1-427e-84fd-3c8cf8bfcbdd/sheet/hdPcq/state/analysis/option...HTTPSGET302289 B16 msframe navigate70953160004937
2https://HOST:8080/?proxyRestUri=https%3a%2f%2fHOST%3a4243%2fqps%2fcustom%2f&targetId=d47572bf-3d28-4...HTTPSGET302284 B78 msframe navigate709693147004859
3https://HOST/custom/sense/app/b814bd91-78a1-427e-84fd-3c8cf8bfcbdd/sheet/hdPcq/state/analysis/option...HTTPSGET200text/html2.55 KB47 msframe navigate710471532004812
4https://HOST/custom/resources/assets/external/leonardo-ui/leonardo-ui.css?1472561073404HTTPSGET302289 B15 ms<link rel="stylesheet">71094150004797
5https://HOST/custom/resources/assets/client/client.css?1472561073404HTTPSGET302289 B16 ms<link rel="stylesheet">71109160004781
6https://HOST/custom/resources/css/base/responsive-state.css?1472561073404HTTPSGET302289 B16 ms<link rel="stylesheet">71109160004781
7https://HOST/custom/resources/assets/external/requirejs/require.js?1472561073404HTTPSGET302289 B16 ms<script>71109160004781

From the example above, row 1 is the initial request to the report. Row 2 is the redirect to the auth server. Row 3 is the new request with a ticketID (after user was authorized).  Row 4 is a request for a resource, but without the ticketID and the response is a redirect to the auth server (not listed here). Result: my auth server is flooded with requests and a ticket is consumed every time.

FYI: The name of my virtual proxy is "custom".

Can anyone explain this behaviour?

Not applicable
Author

I have found out that the issue is that we are loading the qlik report in an iframe and it does not support cross domain cookies. That is why all requests are routed to the auth server. On the iPad we can change the cookie settings for Safari and then it will work. But still not working in Chrome on iOS.