Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Connect 2024! Seize endless possibilities! LEARN MORE
Andre_Sostizzo
Digital Support
Digital Support
‎2020-01-24 03:41 PM

Cross-Site requests with cookie without the SameSite attribute are being blocked

Development that use cross-site resources may encounter issues when Chrome version 80 is released in the month of February 2020.

Development that use cross-site resources may encounter issues when Chrome version 80 is released in the month of February 2020. An example of when issue may occur is when using  "domReady".  (https://www.cdnpkg.com/require-domReady)

The following may be registered in the Google Chrome Development Tools:

"A cookie associated with a cross-site resource at ....[URL]... was set without the `SameSite` attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032."

Even though this comes from the Chrome console, other browsers as Mozilla and Edge may also displaying similar warnings. 

The above may currently happen on the latest Qlik Sense Enterprise and QlikView releases.

This is cause by a new CORS security standard/feature that browsers are now enforcing, or beginning to enforce as developers begin to opt in. More information is available here https://www.chromestatus.com/feature/5088147346030592 and here https://www.chromestatus.com/feature/5633521622188032 as the above error mentions.

R&D is currently working on a solution, and updates regarding this will be posted here once this information becomes available.

Known Workaround(s):

  • For now, the SameSite security feature is not being enforced by default. If you are using Chrome versions 79 and below, the default setting for SameSite is "default", which is equivalent to "disabled". You can check it here chrome://flags/#same-site-by-default-cookies. In Chrome versions 80 and newer, "default" will be equivalent to "enabled", which enforces this security setting and will require an update to Qlik Sense and QlikView to prevent requests from being blocked. Until an update is provided, a temporarily workaround would be to change the SameSite setting to "disabled".
  • Edit the domain policy for where a list of specific domains are allowed for the legacy SameSite behavior to be used. See Cookie Legacy SameSite Policies.
 
NOTE:
  • Qlik will have official patches and service releases for both Qlik Sense and QlikView available on the Wednesday's, Feb 12th 2020 delivery.
  • Licensee patches will be available on demand for Qlik Sense as of Feb 3rd 2020, please contact Qlik Support.

 

Reference: https://support.qlik.com/articles/000092955

7,156 Views
14 Comments
Wlad_Masi
Employee
Employee
‎2020-01-30 05:37 PM

Please note that the blog post above was updated with the following information:

  • Qlik will have official patches available on the patch Wednesdays delivery – Feb 12th 2020.
  • Licensee patches will be available on demand as of Feb 3rd 2020, please contact Qlik Support.
0 Likes
4,951 Views
Wlad_Masi
Employee
Employee
‎2020-02-05 11:55 AM

UPDATE:

On Chrome website the release schedule now lists that Google will NOT release the SameSite change  and in a few weeks it will go out to a limited population, not a general availability to everyone.

Link to the announcement: https://www.chromium.org/updates/same-site

 

"February 4, 2020: Chrome 80 Stable released. The enablement of the SameSite-by-default and SameSite=None-requires-Secure enforcement will not be included in this initial Chrome 80 stable rollout. Please see the next item for more detailed information on the when SameSite enforcement will be enabled for Chrome 80 stable.

 

February, 2020: Enforcement rollout for Chrome 80 Stable: The SameSite-by-default and SameSite=None-requires-Secure behaviors will begin rolling out to Chrome 80 Stable for an initial limited population starting the week of February 17, 2020, excluding the US President’s Day holiday on Monday. We will be closely monitoring and evaluating ecosystem impact from this initial limited phase through gradually increasing rollouts"

4,500 Views
PrashantSangle
MVP
MVP
‎2020-02-07 02:46 AM

Are we getting patches for all QlikSense Version?

because I am facing issue in Apr 2019 Patch 3 in Salesforce.

 

4,400 Views
Wlad_Masi
Employee
Employee
‎2020-02-10 11:17 AM

@PrashantSangle  you won't be able to patch April 2019 Patch 3.
On Feb 12th we will have Apr 2019 Patch 7 with the fix, released.

4,134 Views
PrashantSangle
MVP
MVP
‎2020-02-14 02:27 AM

thanks @Wlad_Masi , we test it and it is working smoothly.

3,756 Views
Wlad_Masi
Employee
Employee
‎2020-02-14 10:44 AM

@PrashantSangle  this is a great Feedback!
Thank you for let us know.

0 Likes
3,687 Views
efournel
Contributor II
Contributor II
‎2020-02-18 10:11 AM

Hello @PrashantSangle , 

We have the same issue of SameSite in our QlikView & QlikSense environment. I have installed last Qlik release in my both software (provided 12th February) and I need to know what are the good parameter to put in .config file to avoid the Chrome rejection.  Because the release document isn't really clear for me to know what i must add in .config to reproduce the same authorization that we have in release <80.

Regards

Eric FOURNEL

2,004 Views
sunilchakala_ql
Contributor III
Contributor III
‎2020-03-13 03:49 AM

@Wlad_Masi  may i know when this fix will be released for Qliksense November 2018 version?

 

Thanks

Sunil

0 Likes
1,658 Views
PrashantSangle
MVP
MVP
‎2020-03-13 04:02 AM

Hi @sunilchakala_ql ,

Instead waiting for new patch of Nov 2018, you can upgrade qlik Sense version with latest version with latest patch.

 

Regards,

Prashant Sangle

1,649 Views
Wlad_Masi
Employee
Employee
‎2020-03-13 12:15 PM

Hi @sunilchakala_ql@PrashantSangle  is correct.
As the article that you can see here  says, Qlik Sense November Patch 8 update 1 has the fix.

0 Likes
1,633 Views
Subscribe by Topic