Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
pablolabbe
Luminary Alumni
Luminary Alumni

Cross-Origin Request Blocked using mashup API

Hi,

  I'm configuring a mashup to run from an IIS Server, instead of using the internal Qlik Sense server. Both on same machine but using different ports. IIS on 8080 and Qlik on 80.

   When I open the url http://<nydomain.com>:8080/mashupsite  the authentication is fine and the html elements are shown in the page as well but the qlik objects doens´t display.

  After reviewing the developer console I found the errror below:


  Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://<mydomain.com>/resources/autogenerated/product-info.json?1532484125189. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).


  I already added the tag Access-Control-Allow-Origin in the additional response headers parameter in the virtual proxy (default) but the error is still there.


  The server is version June/2018 and using only the default virtual proxy using ticket and windows authentication.

  Does anyone have a clue about how to solve this issue ?

20 Replies
09999
Contributor II
Contributor II

so after downgrading qlik sense desktop version were you able to get rid of this error? if so to what version you downgraded?

royal_87
Partner - Contributor III
Partner - Contributor III

I don't get the error in april version and before.

rodolfoviolac
Contributor III
Contributor III

Hi pablolabbe‌ I fixed this issue setting the appropriate response header on server side, if you are using NodeJS you can use this lib https://github.com/expressjs/cors‌ if not you can just set the "Access-Control-Allow-Origin" : "*" to the response header!

Exemple of response allowing CORS using Express:

  res.header("Access-Control-Allow-Origin", "*");

  res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");

paoloderegibus
Partner - Contributor III
Partner - Contributor III

Hello guys,

I was able to solve the cors issue for the desktop version using browsers add-ons.

For firefox I am using CORS everywhere: CORS Everywhere – Scarica l’estensione per    Firefox (it)

For Chrome MoesIf CORS changer: Moesif Origin & CORS Changer - Chrome Web Store with the following settings since I my local dev-server answers on port 3000.

These add-ons will work only for the desktop version: you won't be able to connect to an actual QS server and use capability APIs.

If you are using an express local server to develop your app I suggest to take a look at this packege: http-proxy-middleware - npm. I am using it with the dev-server provided by create-react-app and I am able to connect to dektop APIs as well as Enterprise Server APIs, although it requires a bit of configuration.

sebastian_serva
Partner - Contributor III
Partner - Contributor III

Hi @Anders-Nilsson,

You're suggestion saved the day. I had the same issue, and by white listing the protocol + FQDN + port it solved the cross-domain issue + weird 'zone.js' error.

Can you explain a bit more in detail why this step is required? Before June 18 when you loaded js/qlik, it was also requiring multiple JS files and this white list entry was not needed. Is it because it's requiring JSON files?

Thanks again,

Seb.

KStreak
Contributor II
Contributor II

Hello All,

I am also facing this issue in Apr 2018 release Patch1. We are trying to integrate the mash-up inside sales force and getting this error, Tried by setting allo-access control but, it does not reflect when i verify in Chrome.

any help will be appreciated or Do we need to log a case with Qlik.

arodriguez5
Partner - Contributor II
Partner - Contributor II

Hello All,

I get the same issue on qlik server june2018, any solution?

Virtual proxy

Access-Control-Allow-Origin: https://<mydomain>:4343
Access-Control-Allow-Credentials:true
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token

 

Qlik and web serrver (IIS) in same server.  please help

 

 

  Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://<mydomain.com>/resources/autogenerated/product-info.json?1532484125189. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

 

arodriguez5
Partner - Contributor II
Partner - Contributor II

Nobody help me? any idea guys?

KStreak
Contributor II
Contributor II

I worked with QlikTech Support team to resolve this issue. Please watch how to solve CORS Issue https://www.youtube.com/watch?v=slM8ZOfjOBA
arodriguez5
Partner - Contributor II
Partner - Contributor II

It stays the same problem, follow the video instructions and same problem...can you send your config (virtual proxys, server webapp config (headers) )...thx