Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hello,
We are facing an issue in our application, which embeds a Qlik Sense dashboard from our analytic server.
When cache is disabled at browser level, (i.e chrome dev tools - clear cache and empty and hard reload) the qlik sense dashboard, title and objects of the sheet load without issue.
However, when cache is enabled, we are getting a number of CORS issues in the console, such as (1a below), even with our page headers including, "no-store, no-cache, must-revalidate". These CORS issues are not present, as above, when the cache is disabled.
1a;
Access to XMLHttpRequest at 'https://aaaa.xxxx.com/resources/qmfe/sense-client/8.0.13/translations/client/en-US.json' from origin 'https://yyyy.xxxx.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
GET https://aaaa.xxxx.com/resources/qmfe/sense-client/8.0.13/translations/engine/en-US.json net::ERR_FAILED
Looking at our code, it appears the code is not running at the following javascript function;
require(["js/qlik"], function(qlik) {
require.config( {
baseUrl: ( config.isSecure ? "https://" : "http://" ) + config.host + (config.port ? ":" + config.port: "") + config.prefix + "resources",
waitSeconds: 15,
paths: {
qlik: 'js/qlik.js?qlikTicket=<cfoutput>#session.analyticsLoggedIn#</cfoutput>&v=' + (new Date()).getTime()
}
});
Review the below ideas, let me know if it is useful.
The issue you are encountering with CORS (Cross-Origin Resource Sharing) when caching is enabled in your application embedding Qlik Sense dashboards is indeed challenging, especially in a multi-tenant environment with various domains and subdomains. Let's break down the problem and possible solutions:
CORS Policy: CORS is a security feature that restricts web applications from making requests to a domain different from the one that served the web page. Your error message indicates that the browser is blocking requests to resources from https://aaaa.xxxx.com
when originating from https://yyyy.xxxx.com
due to the absence of the Access-Control-Allow-Origin
header.
Cache Behavior: When cache is disabled, the browser may not strictly enforce certain security checks like CORS, which explains why you don't encounter the issue in this scenario. However, with caching enabled, these security checks are enforced, leading to the CORS errors you're observing.
JavaScript require
Function: This function not running indicates that the script it's supposed to load (qlik.js
) isn't being accessed correctly, possibly due to the CORS issues.
Properly Configure CORS Headers: Ensure that your server (https://aaaa.xxxx.com
) includes the appropriate CORS headers in its responses. Specifically, it needs to include the Access-Control-Allow-Origin
header with the value set to the origin of your requesting site (https://yyyy.xxxx.com
) or a wildcard (*
), although the latter is less secure and not recommended in a production environment.
Verify Cache-Control Headers: Although you mentioned setting "no-store, no-cache, must-revalidate"
, it's important to ensure that these headers are correctly implemented on both the server and client sides.
Cross-Domain Requests with Subdomains: In a multi-tenant environment with various subdomains, you might need to dynamically set the Access-Control-Allow-Origin
header based on the requesting origin, ensuring that only trusted domains are allowed.
Update require
Configuration: Ensure that the require.config
paths and baseUrl are correctly set. The issue might also be related to how caching is managed for the qlik.js
file. The query parameter v=(new Date()).getTime()
is commonly used to avoid caching, but there might be conflicts with other caching policies set at the browser or server level.
Debugging Tips:
Server Configuration: If you have control over the Qlik Sense server, consider modifying its configuration to better handle CORS, especially considering the multi-tenant nature of your setup.
Remember, CORS policies are critical for web security, so while troubleshooting, it's important to maintain a balance between functionality and security. If you need more specific guidance, especially regarding Qlik Sense server configurations or advanced JavaScript debugging, please provide additional details.