rlesage
Partner - Contributor III

Qlik Session Cookie proxy embedding: Access to XMLHttpRequest has been blocked by CORS policy

Hi,

I am embedding Qlik Cloud within an Azure web app. I have used the tutorial from qlik.dev on session cookie proxies: https://qlik.dev/authenticate/jwt/jwt-proxy/quickstart-qlik-jwt-proxy/

Unfortunately, after successfully logging in via the third-party authentication tool, I get this error:

Access to XMLHttpRequest at 'https://xxx.region.qlikcloud.com/resources/autogenerated/product-info.json' (redirected from 'https://webapp.azurewebsites.net/resources/autogenerated/product-info.json') from origin 'https://webapp.azurewebsites.net' has been blocked by CORS policy

The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

This is my setCors function

function setCors(res) {
  res.set('Access-Control-Allow-Origin', frontendUri)
  res.header('Access-Control-Allow-Origin', frontendUri)
  res.header('Access-Control-Allow-Credentials', 'true')
  res.set('Access-Control-Allow-Methods', 'GET, OPTIONS')
  res.set('Access-Control-Allow-Headers', 'Content-Type, x-proxy-session-id')
  res.set('Access-Control-Allow-Credentials', 'true')
  res.header('Access-Control-Allow-Credentials', 'true')
}

3 Replies
jprdonnelly
Employee

@rlesage - have you also created a Web Integration in your Qlik Cloud Console and set the appropriate Content Security Policy?

- @jprdonnelly
rlesage
Partner - Contributor III
Author

Hi,
Yes I have done that.
Thanks anyway!
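
The check the browser applied in the error quoted in the opening post, as an added example that is not part of the thread or of Qlik's code: it parses the console message, reports which host served the response that was checked (the redirect target named in the message), and applies the credentialed-request rules to that response's headers. The function names and the sample header set are assumptions constructed for illustration.

```javascript
// Added diagnostic sketch; function names are illustrative, not from Qlik or Express.

// Pull the URLs out of a Chrome-style CORS console message.
function parseCorsError(message) {
  const m = message.match(
    /at '([^']+)'(?: \(redirected from '([^']+)'\))? from origin '([^']+)'/
  );
  if (!m) return null;
  return {
    finalUrl: new URL(m[1]),
    redirectedFrom: m[2] ? new URL(m[2]) : null,
    origin: m[3],
  };
}

// Rules a browser applies to a cross-origin response when the request was
// sent with credentials (XMLHttpRequest withCredentials = true).
function checkCredentialedCors(origin, headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const allowOrigin = h['access-control-allow-origin'];
  const problems = [];
  if (allowOrigin === undefined) problems.push('missing Access-Control-Allow-Origin');
  else if (allowOrigin === '*') problems.push("wildcard '*' not allowed with credentials");
  else if (allowOrigin !== origin) problems.push('Access-Control-Allow-Origin does not match origin');
  if (h['access-control-allow-credentials'] !== 'true')
    problems.push("Access-Control-Allow-Credentials must be 'true'");
  return problems;
}

// Combine both: which host produced the checked response, and why it failed.
function diagnose(message, finalResponseHeaders) {
  const p = parseCorsError(message);
  if (!p) return null;
  return {
    respondingHost: p.finalUrl.host,
    crossOriginRedirect: p.redirectedFrom !== null && p.redirectedFrom.origin !== p.finalUrl.origin,
    servedByPageOrigin: p.finalUrl.origin === p.origin,
    problems: checkCredentialedCors(p.origin, finalResponseHeaders),
  };
}

// Message text from the post; the header set is constructed (only the '*' value is stated in the error).
const SAMPLE_MESSAGE = "Access to XMLHttpRequest at 'https://xxx.region.qlikcloud.com/resources/autogenerated/product-info.json' (redirected from 'https://webapp.azurewebsites.net/resources/autogenerated/product-info.json') from origin 'https://webapp.azurewebsites.net' has been blocked by CORS policy";
const SAMPLE_HEADERS = { 'Access-Control-Allow-Origin': '*' };
console.log(diagnose(SAMPLE_MESSAGE, SAMPLE_HEADERS));
```

Headers set by a handler on `webapp.azurewebsites.net` only appear on responses that host sends; the headers passed to `diagnose` should be the ones captured from the final response in the browser's network tab.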