I'm configuring a mashup to run from an IIS Server, instead of using the internal Qlik Sense server. Both on same machine but using different ports. IIS on 8080 and Qlik on 80.
When I open the url http://<nydomain.com>:8080/mashupsite the authentication is fine and the html elements are shown in the page as well but the qlik objects doens´t display.
After reviewing the developer console I found the errror below:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://<mydomain.com>/resources/autogenerated/product-info.json?1532484125189. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
I already added the tag Access-Control-Allow-Origin in the additional response headers parameter in the virtual proxy (default) but the error is still there.
The server is version June/2018 and using only the default virtual proxy using ticket and windows authentication.
Does anyone have a clue about how to solve this issue ?
pablolabbe, no (or well it shouldn't) -
In June 2018 release our sense-client team implemented a better, faster and more performant build system, this implementation introduced this issue.
Hello Pablo ..
In the June 2018 release Qlik Sense Client (and mashups) are now fetching a few json files (languages and product info) from Qlik Sense Server.
If you are hosting your mashup from a different domain than where Qlik Sense Server is installed then you need to configure your virtual proxy and whitelist your mashups domain so that cross-origin requests are allowed.
try to add
to your whitelist on the virtual proxy you're using.
May be, check this for properties specifications pertains, Cross-Origin Request:
Credentialed requests and wildcards
When responding to a credentialed request, the server must specify an origin in the value of the Access-Control-Allow-Origin header, instead of specifying the "*" wildcard.
Because the request headers in the above example include a Cookie header, the request would fail if the value of the Access-Control-Allow-Origin header were "*". But it does not fail: Because the value of the Access-Control-Allow-Origin header is "http://foo.example" (an actual origin) rather than the "*" wildcard, the credential-cognizant content is returned to the invoking web content.
Note that the Set-Cookie response header in the example above also sets a further cookie. In case of failure, an exception—depending on the API used—is raised.
In the server I have a virtual proxy with these setting and it works just fine
How do you change this in Qlik Sense Desktop where there is no QMC? I got the same error as Pablo when I develop localy on port 4848.