Skip to main content
Announcements
Marching toward a simplified navigation! READ ON
cancel
Showing results for 
Search instead for 
Did you mean: 
deardley
Partner - Contributor II
Partner - Contributor II

Virtual Proxies - Host white list entry with subdomain wildcard


Hello,

We are integrating Qlik apps into our application using an iframe and a virtual proxy with JWT authentication. To authenticate, our application generates a JWT and then we use the Fetch API in the browser to make a request to qps/user, which establishes a session and returns a session cookie that we use for all subsequent requests.

This approach is working fine for static hosts (e.g. subdomain.domain.com) that we add to the host white list in the virtual proxy settings. But in one of our other environments, the subdomain can be almost anything, so we would like to able to whitelist anything that ends with domain.com. This article makes it sound like it should be possible, but it does not work when only domain.com is in the host white list. In Chrome we are getting the following error:

Cross-Origin Resource Sharing error: PreflightMissingAllowOriginHeader

Has anyone else come up against this issue, and found a solution?

Labels (2)
2 Solutions

Accepted Solutions
Benoit_C
Support
Support

Hello deardley,

 

The error you've found is a CORS error and CORS is an HTTP-header based mechanism that allows a server to indicate any origins (domain, scheme, or port) other than its own from which a browser should permit loading resources. 

So I assume that below part from Qlik article should apply:

 

To support switching schema when using cross-origin resource sharing (CORS), the host white list must include the schema to avoid requests being blocked by the CORS policy.

Example: 
If you have a mashup loaded from an unsecure web site (http://subdomain.domain.com) and Qlik Sense running secure (https://qlik.sense... ), the schema, (http://subdomain.domain.com), must be present in the host white list. In this case put the whole address with the "http://"

 

 

Regards,

Benoit

View solution in original post

bewerent
Contributor II
Contributor II

What do you think about using mobile proxies? Some people try to convince me they are better than regular proxies because they offer you a new IP for every connection. Some even say using your phone as a proxy server is a good idea if you have a good mobile data plan. The fact is that every time a phone connects to mobile data, it gets assigned a new IP. What’s your take on that?
Usually, I choose Brazilian proxies from https://soax.com/brazil-proxy for my working projects. They are simple to use and never get detected. I also like that the IPs are 100% whitelisted. However, I am still concerned a little about safety, and that’s why this mobile proxy rant interests me.

View solution in original post

2 Replies
Benoit_C
Support
Support

Hello deardley,

 

The error you've found is a CORS error and CORS is an HTTP-header based mechanism that allows a server to indicate any origins (domain, scheme, or port) other than its own from which a browser should permit loading resources. 

So I assume that below part from Qlik article should apply:

 

To support switching schema when using cross-origin resource sharing (CORS), the host white list must include the schema to avoid requests being blocked by the CORS policy.

Example: 
If you have a mashup loaded from an unsecure web site (http://subdomain.domain.com) and Qlik Sense running secure (https://qlik.sense... ), the schema, (http://subdomain.domain.com), must be present in the host white list. In this case put the whole address with the "http://"

 

 

Regards,

Benoit

bewerent
Contributor II
Contributor II

What do you think about using mobile proxies? Some people try to convince me they are better than regular proxies because they offer you a new IP for every connection. Some even say using your phone as a proxy server is a good idea if you have a good mobile data plan. The fact is that every time a phone connects to mobile data, it gets assigned a new IP. What’s your take on that?
Usually, I choose Brazilian proxies from https://soax.com/brazil-proxy for my working projects. They are simple to use and never get detected. I also like that the IPs are 100% whitelisted. However, I am still concerned a little about safety, and that’s why this mobile proxy rant interests me.