
How to determine string policy for Content Security Policy Header

Filippo_Nicolussi_P

Last Update: Sep 20, 2021 9:14:01 AM

Updated By: Sonja_Bauernfeind

Created date: Nov 26, 2018 2:12:55 PM

For security reasons, the customer's policy is to inject the Content Security Policy header via the reverse proxy.

The policy adopted is basic: default-src 'self'

Opening the QlikView AccessPoint or Qlik Sense Hub may fail or the AccessPoint may only render partially. 

The Browser Debug tools will provide more insight:

[Screenshot: content security errors identified in debug tools]

Environment:

QlikView 
Qlik Sense Enterprise on Windows 

 

The Content-Security-Policy header contains a string of rules that tells the browser which resources/code are trusted to be loaded, executed, or rendered.

More details on the topic can be found here: https://www.w3.org/TR/CSP3/

Resolution:


For the QlikView AccessPoint, a first example is to use Content-Security-Policy: "default-src 'self' 'unsafe-inline' data: ;". Note that the 'unsafe-inline' option could be unsafe in the proxy injection scenario when the client browses a different site; you could evaluate using the sha256-hashcode version instead.
Further options could be necessary if, for example, you have QlikView Extension Objects (Server and Document Extensions) that use external resources downloaded from CDN locations.
In this case the troubleshooting is the same: use F12/Developer Tools to find the resource that violates the policy and add an exclusion.
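
The following Python example is added here and is not part of the original article or Qlik's code. It turns violations noted from the browser debug tools into a policy string, using the sha256 hash form in place of 'unsafe-inline'. The function names, the (directive, blocked) input format and the cdn.example.com host are assumptions made for the illustration.

```python
import base64
import hashlib
from urllib.parse import urlsplit

def csp_hash_source(inline_text):
    """Hash source for the exact text between <script> or <style> tags."""
    digest = hashlib.sha256(inline_text.encode("utf-8")).digest()
    return "'sha256-" + base64.b64encode(digest).decode("ascii") + "'"

def build_policy(violations, inline_blocks):
    """violations: (directive, blocked) pairs noted from the browser console,
    where blocked is "inline", "data" or the URL of the refused resource.
    inline_blocks: directive -> list of inline texts that were blocked."""
    sources = {"default-src": ["'self'"]}
    for directive, blocked in violations:
        # A specific directive replaces default-src, so it must repeat 'self'.
        entry = sources.setdefault(directive, ["'self'"])
        if blocked == "inline":
            new = [csp_hash_source(t) for t in inline_blocks.get(directive, [])]
        elif blocked == "data":
            new = ["data:"]
        else:
            parts = urlsplit(blocked)
            new = [f"{parts.scheme}://{parts.netloc}"]  # allow the origin only
        for src in new:
            if src not in entry:
                entry.append(src)
    return "; ".join(f"{d} {' '.join(s)}" for d, s in sources.items())

# Constructed sample input (not taken from a real Qlik deployment).
SAMPLE_VIOLATIONS = [
    ("script-src", "inline"),
    ("img-src", "data"),
    ("script-src", "https://cdn.example.com/lib/chart.min.js"),
    ("script-src", "https://cdn.example.com/lib/util.js"),
]
SAMPLE_INLINE = {"script-src": ["console.log('accesspoint ready');"]}

if __name__ == "__main__":
    print(build_policy(SAMPLE_VIOLATIONS, SAMPLE_INLINE))
```

The hash must be computed over the exact bytes between the tags, whitespace included, so any change to the inline block needs a new hash.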

 

Related Content:


QlikView Access Point Shows "Loading Content" Indefinitely
What is CSP (Content-Security-Policy) and How does it Relate to Qlik?


 

Comments
rohitgharat
Partner - Contributor III

Hi @Filippo_Nicolussi_P ,

How can we implement Content Security Policy in Qliksense Enterprise version?

 

Regards,

Rohit Gharat

Sonja_Bauernfeind
Digital Support

Hello @rohitgharat 

I believe I already provided you with an answer to this in a different post. Copying it in here for reference:

If you are looking to add custom response headers in Qlik Sense (Enterprise on Windows), see How to add additional response headers in Qlik Sense.

Please note that we cannot advise on what headers to add.

All the best,
Sonja 
