Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
NEW: Seamless Public Data Sharing with Qlik's New Anonymous Access Capability: TELL ME MORE!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
ferreirix
Partner - Contributor
Partner - Contributor
‎2020-01-15 06:22 AM

403 Origin is not allowed - Request blocked by CORS policy

Hi friends,

 

I'm trying to integrate a Qlik sheet in a third party application using an iframe.

For my tests I created a virtual proxy and on the Advanced Tab > Addtitional response header I added the following:

Access-Control-Allow-Origin:*

When I request the page from a localhost origin it works, but with any other domain name it doesn't.

Sample curl which returns 200 - OK

 

 

curl --location --request OPTIONS 'https://qliksense-test.mydomain.fr/imlost/sense/app/3ff17861-efe9-xxxx-9656-82e830a2d8a9/sheet/BRAtD/state/analysis' \
--header 'Connection: keep-alive' \
--header 'Pragma: no-cache' \
--header 'Cache-Control: no-cache' \
--header 'Access-Control-Request-Method: GET' \
--header 'Origin: https://localhost' \
--header 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36' \
--header 'Access-Control-Request-Headers: authorization' \
--header 'Accept: */*' \
--header 'Sec-Fetch-Site: cross-site' \
--header 'Sec-Fetch-Mode: cors' \
--header 'Referer: https://localhost/' \
--header 'Accept-Encoding: gzip, deflate, br' \
--header 'Accept-Language: en-US,en;q=0.9,fr;q=0.8,pt;q=0.7'

 

 

 

Sample curl wich returns 403 - OK

 

 

curl --location --request OPTIONS 'https://qliksense-test.mydomain.fr/imlost/sense/app/3ff17861-efe9-xxxx-9656-82e830a2d8a9/sheet/BRAtD/state/analysis' \
--header 'Connection: keep-alive' \
--header 'Pragma: no-cache' \
--header 'Cache-Control: no-cache' \
--header 'Access-Control-Request-Method: GET' \
--header 'Origin: https://whateverdomain.com' \
--header 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36' \
--header 'Access-Control-Request-Headers: authorization' \
--header 'Accept: */*' \
--header 'Sec-Fetch-Site: cross-site' \
--header 'Sec-Fetch-Mode: cors' \
--header 'Referer: https://whateverdomain.com/' \
--header 'Accept-Encoding: gzip, deflate, br' \
--header 'Accept-Language: en-US,en;q=0.9,fr;q=0.8,pt;q=0.7'

 

 

 

I've also tried specifying the domain name in the Access-Control-Allow-Origin header but to no avail. Only localhost/127.0.0.1 work.

 

Other infos:

Version: Qlik Sense September 2019 - 13.42.1

License: Some sort of test/trial

 

Thank you in advance for any help.

 

 

Labels (6)
Labels
5,964 Views
0 Likes
1 Solution

Accepted Solutions
Alvaro_Palacios
Support
Support
‎2020-01-16 09:44 AM

Hi,

Have you seen these two resources?

Qlik Sense Mashup Fails To Render When Deployed To Webserver - https://support.qlik.com/articles/000025792

https://community.qlik.com/t5/Qlik-Sense-Integration-Extensions-APIs/Cross-Origin-Request-Blocked-us...

Let me know if this helps.

Alvaro

View solution in original post

5,924 Views
2 Replies
Alvaro_Palacios
Support
Support
‎2020-01-16 09:44 AM

Hi,

Have you seen these two resources?

Qlik Sense Mashup Fails To Render When Deployed To Webserver - https://support.qlik.com/articles/000025792

https://community.qlik.com/t5/Qlik-Sense-Integration-Extensions-APIs/Cross-Origin-Request-Blocked-us...

Let me know if this helps.

Alvaro

5,925 Views
ferreirix
Partner - Contributor
Partner - Contributor
‎2020-01-16 11:26 AM
Author

In response to Alvaro_Palacios

That put me on track. 

 

The Access-Control-Allow-Origin is deprecated as of Qlik Sense 2.2

 

Simply had to whitelist the domain.

 

Thanks a lot.

5,914 Views