Skip to main content

Qlik

cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Launches Open Lakehouse and advanced agentic AI experience in Qlik Answers! | LEARN MORE
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
_rohitgharat
Creator
‎2022-11-01 02:18 AM

Not able to apply Content Security Policy on Qliksense Enterprise version

Hi,
We are trying to apply Content security policy on Qliksense Enterprise version for our headers:
QMC>>Virtual Proxies>>Advanced>> Additional Response headers
We tried all the below syntax for Content security policy:
Content-Security-Policy: default-src 'self'; img-src *;
Content-Security-Policy:
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';base-uri 'self';form-action 'self'
 But when we apply the above syntax for CSP, Qliksense login page doesn't load properly and the subsequent pages for dashboards turns blank.
Kindly suggest how can we implement CSP in Qliksense Enterprise version?.
 
Thanks in Advance.
Regards,
Rohit Gharat
2 users say ditto
1,666 Views
0 Likes
1 Solution

Accepted Solutions
2 Replies
nilesh007
Partner - Creator
‎2025-01-02 05:49 AM

Hi Community,

In Qlik sense enterprise, according to VAPT report there are some missing security headers which needs to be implemented. We are facing issue while adding the below security header in the virtual proxy.
--> Content-Security-Policy: default-src 'self'
After implementing it we are unable to access qlik getting black/grey screen.

Articles followed:

https://community.qlik.com/t5/Official-Support-Articles/Qlik-Sense-Enterprise-on-Windows-Securing-an....

How to determine string policy for Content Securit... - Qlik Community - 1715491

 

error5.JPG
Preview file
35 KB
network.JPG
Preview file
114 KB
552 Views
0 Likes
Top