Hi all,

I am currently trying to create an external QlikSense mashup. The issue I am currently running into is a CORS issue when trying to send the qlikTicket over to the Qlik server.

Ideal Setup/Flow is currently like this:

1. User inputs login credentials into angular frontend. These credentials are passed to backend via RestAPI.

2. Java backend then verifies login credentials before asking qlik server for a ticket number. This ticket is passed to the frontend.

3. Frontend then makes a $http.get() request to a darknoise url with the ticket as a query parameter to get the cookie to authenticate the session.

4. Redirect browser to application that is using require.js (since you have to be authenticated to access this resource).

Both backend and frontend are external to Qlik.

At step 3, I am running into the CORS issue. I've tried adding various configurations to Additional Response Headers in the virtual proxy section involving Access-Control-Allow-Origin including * and my host. Neither worked.

Does anyone have any ideas as to why this isn't working or suggestions for how I can authenticate my session from an external mashup without directing the user away from the webpage and to the qlik server?

My current workaround is loading a hidden iframe with the qlik url including the ticket. This works, however, in order to dynamically create the iframe url, I have to $sce.trustAsResourceUrl the image, which causes a MIME type issue that stops the application from progressing until clicking again.

Thank you,