Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Introducing Qlik Answers: A plug-and-play, Generative AI powered RAG solution. READ ALL ABOUT IT!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
deardley
Partner - Contributor II
Partner - Contributor II
‎2022-05-10 07:35 PM

Virtual Proxies - Host white list entry with subdomain wildcard


Hello,

We are integrating Qlik apps into our application using an iframe and a virtual proxy with JWT authentication. To authenticate, our application generates a JWT and then we use the Fetch API in the browser to make a request to qps/user, which establishes a session and returns a session cookie that we use for all subsequent requests.

This approach is working fine for static hosts (e.g. subdomain.domain.com) that we add to the host white list in the virtual proxy settings. But in one of our other environments, the subdomain can be almost anything, so we would like to able to whitelist anything that ends with domain.com. This article makes it sound like it should be possible, but it does not work when only domain.com is in the host white list. In Chrome we are getting the following error:

Cross-Origin Resource Sharing error: PreflightMissingAllowOriginHeader

Has anyone else come up against this issue, and found a solution?

Labels (2)
Labels
2,427 Views
0 Likes
2 Solutions

Accepted Solutions
Benoit_C
Support
Support
‎2022-05-11 06:08 AM

Hello deardley,

 

The error you've found is a CORS error and CORS is an HTTP-header based mechanism that allows a server to indicate any origins (domain, scheme, or port) other than its own from which a browser should permit loading resources. 

So I assume that below part from Qlik article should apply:

 

To support switching schema when using cross-origin resource sharing (CORS), the host white list must include the schema to avoid requests being blocked by the CORS policy.

Example: 
If you have a mashup loaded from an unsecure web site (http://subdomain.domain.com) and Qlik Sense running secure (https://qlik.sense... ), the schema, (http://subdomain.domain.com), must be present in the host white list. In this case put the whole address with the "http://"

 

 

Regards,

Benoit

View solution in original post

2,396 Views
0 Likes
bewerent
Contributor II
Contributor II
‎2022-10-12 04:38 AM

What do you think about using mobile proxies? Some people try to convince me they are better than regular proxies because they offer you a new IP for every connection. Some even say using your phone as a proxy server is a good idea if you have a good mobile data plan. The fact is that every time a phone connects to mobile data, it gets assigned a new IP. What’s your take on that?
Usually, I choose Brazilian proxies from https://soax.com/brazil-proxy for my working projects. They are simple to use and never get detected. I also like that the IPs are 100% whitelisted. However, I am still concerned a little about safety, and that’s why this mobile proxy rant interests me.

View solution in original post

2,177 Views
0 Likes
2 Replies
Benoit_C
Support
Support
‎2022-05-11 06:08 AM

Hello deardley,

 

The error you've found is a CORS error and CORS is an HTTP-header based mechanism that allows a server to indicate any origins (domain, scheme, or port) other than its own from which a browser should permit loading resources. 

So I assume that below part from Qlik article should apply:

 

To support switching schema when using cross-origin resource sharing (CORS), the host white list must include the schema to avoid requests being blocked by the CORS policy.

Example: 
If you have a mashup loaded from an unsecure web site (http://subdomain.domain.com) and Qlik Sense running secure (https://qlik.sense... ), the schema, (http://subdomain.domain.com), must be present in the host white list. In this case put the whole address with the "http://"

 

 

Regards,

Benoit

2,397 Views
0 Likes
bewerent
Contributor II
Contributor II
‎2022-10-12 04:38 AM

What do you think about using mobile proxies? Some people try to convince me they are better than regular proxies because they offer you a new IP for every connection. Some even say using your phone as a proxy server is a good idea if you have a good mobile data plan. The fact is that every time a phone connects to mobile data, it gets assigned a new IP. What’s your take on that?
Usually, I choose Brazilian proxies from https://soax.com/brazil-proxy for my working projects. They are simple to use and never get detected. I also like that the IPs are 100% whitelisted. However, I am still concerned a little about safety, and that’s why this mobile proxy rant interests me.

2,178 Views
0 Likes