When using mashups or iframes and Google Chrome 80 (or higher), or when opening documents with a direct link, it's not possible to access QlikView documents on different domains. This only affects very specific scenarios, mostly with Workbench or iframes.
Users can get this error in the AccessPoint:
"A cookie associated with a cross-site resource at ... was set without the `SameSite` attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with `SameSite=None` and `Secure`.
Using direct links the error can be:
"Failed to access document. You do not have access"
To test if a customer's site will be affected by the Chrome 80 release, the following options are available
- install Google Chrome Beta 80 and test the environment or
- in Chrome 79, go to chrome://flags and set the flag for "SameSite by default cookies" to Enabled and test the environment
Affected Versions:
Google Chrome 80 or higher
QlikView 11.20 up to SR19
QlikView 12.20 up to SR9
QlikView 12.30 (November 2018) up to SR3
QlikView 12.40 (April 2019) up to SR2
Resolution
Fix versions:
QlikView 11.20 SR20
QlikView 12.20 SR10
QlikView 12.30 (November 2018) SR4
QlikView 12.40 (April 2019) SR3
and later.
Please note that the web server must be running on HTTPS for the SameSite attribute to work in QlikView.
In you are on one of the above versions or higher, enable the SameSite attribute in the following way:
For QlikView Web Server (QVWS):
This change is introduced in QVWS and can be controlled through QVWS configuration file. Default setting for https is to set SameSite=None. Default behavior for http communication is to not set SameSite attribute, neither the Secure attribute, just like it was before this change.
SameSite settings for QlikView can be found and changed in QVWebServer.exe.config (C:\Program Files\QlikView\Server\Web Server). Save changes and restart QVWS service.
For IIS:
The same site settings have to be added manually to ”Application Settings” on the IIS server. (IIS/Default Web Site/ASP.NET/Application Settings)
| Name |
Value |
| EnableSameSiteSettings |
True |
| SameSiteCookieProperty |
None |
Also make sure that C:\ProgramData\QlikTech\WebServer\config.xml have the value: https://_/ If DefaultUrl is set to http, enable the QMC / QlikView Web Server/ General tab / “Use https” checkbox If EnableSameSiteSetting is set to false, the SameSite functionality will be disabled and QlikView will operate as it did before the fix was introduced, but Chrome 80 will deny access to third-party cookies.
Effective workarounds if not possible to upgrade immediately:
- in Google Chrome, go to chrome://flags and set the flag for "SameSite by default cookies" to disabled
- turn off the autoupdate of Chrome (for users that have not upgraded yet)
- revert to Google Chrome 79
- use a different browser
Related Content
For Chrome SameSite settings for Qlik Sense: SameSite settings stopped working after upgrade
Information provided on this defect is given as is at the time of documenting. For up to date information, please review the most recent Release Notes, or contact support at support.qlik.com with the ID QV-19500 for reference.
