I used this method in mashup editor and it works well. When I moved the code to our app I'm getting 403 error: "The initial authentication request must be a "GET" request in order to be redirected to the authentication module".
Note that if your users are logged in as Anonymous, this is a documented limitation in the release note:
Export as Anonymous does not work for mashups deployed in a domain that is different from the domain in which Qlik Sense is installed. Export only works for Anonymous if the mashup is deployed in the same domain as Qlik Sense.
I checked this, I have the session cookie (X-Qlik-Session) on place. When I ask for require.js file from qlik server I geting redirected to internal windows authentication, I get the qlikTicket and then cookie is set (I can see Set-Cookie in response header).
When request for pdf is sent ("<server>/printing/export/object/pdf") this cookie is not attached to request.