Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
July 15, NEW Customer Portal: Initial launch will improve how you submit Support Cases. IMPORTANT DETAILS
Andre_Sostizzo
Digital Support
Digital Support
‎2020-01-24 03:41 PM

Cross-Site requests with cookie without the SameSite attribute are being blocked

Development that use cross-site resources may encounter issues when Chrome version 80 is released in the month of February 2020.

Development that use cross-site resources may encounter issues when Chrome version 80 is released in the month of February 2020. An example of when issue may occur is when using  "domReady".  (https://www.cdnpkg.com/require-domReady)

The following may be registered in the Google Chrome Development Tools:

"A cookie associated with a cross-site resource at ....[URL]... was set without the `SameSite` attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032."

Even though this comes from the Chrome console, other browsers as Mozilla and Edge may also displaying similar warnings. 

The above may currently happen on the latest Qlik Sense Enterprise and QlikView releases.

This is cause by a new CORS security standard/feature that browsers are now enforcing, or beginning to enforce as developers begin to opt in. More information is available here https://www.chromestatus.com/feature/5088147346030592 and here https://www.chromestatus.com/feature/5633521622188032 as the above error mentions.

R&D is currently working on a solution, and updates regarding this will be posted here once this information becomes available.

Known Workaround(s):

  • For now, the SameSite security feature is not being enforced by default. If you are using Chrome versions 79 and below, the default setting for SameSite is "default", which is equivalent to "disabled". You can check it here chrome://flags/#same-site-by-default-cookies. In Chrome versions 80 and newer, "default" will be equivalent to "enabled", which enforces this security setting and will require an update to Qlik Sense and QlikView to prevent requests from being blocked. Until an update is provided, a temporarily workaround would be to change the SameSite setting to "disabled".
  • Edit the domain policy for where a list of specific domains are allowed for the legacy SameSite behavior to be used. See Cookie Legacy SameSite Policies.
 
NOTE:
  • Qlik will have official patches and service releases for both Qlik Sense and QlikView available on the Wednesday's, Feb 12th 2020 delivery.
  • Licensee patches will be available on demand for Qlik Sense as of Feb 3rd 2020, please contact Qlik Support.

 

Reference: https://support.qlik.com/articles/000092955

7,425 Views
14 Comments
Wlad_Masi
Employee
Employee
‎2020-03-13 12:17 PM

Hello @efournel,

 

Have you been able to find your way around?
Have you checked this article here?
Please let me know what instructions are not clear for you.

0 Likes
1,392 Views
sunilchakala_ql
Contributor III
Contributor III
‎2020-03-16 04:17 PM

@PrashantSangle  Yes prashanth, we are planning to upgrade but it will take some time to plan it. But meanwhile users are facing issues so looking for some solution.

 

@Wlad_Masi yes qlik mentioned it will be fixed in Qlik Sense November Patch 8 update 1 but i dont see that is available in Qlik customer downloads.only Qlik Sense November Patch 8 is available which is last modified in dec 2019. So would like to know if you have any update on that. i have raised a case  with qlik support, i dint see any proper response.

0 Likes
1,344 Views
Wlad_Masi
Employee
Employee
‎2020-03-17 05:01 PM

Hi @sunilchakala_ql ,

 

Qlik Sense November Patch 8 update one will be released under request.
For this specific version a case will have to be opened to request it.

I can see your case on our Qlik Support queue and the best resource to help you will be assigned to it.

1,219 Views
hshahul04
Contributor II
Contributor II
‎2021-01-15 10:49 AM

Hi samsite_none_issue.JPG

 

,

I am facing the same issue after set samesite to none in chrome as well as QMC virtual proxy when I am using the Qlik extension only.

I can able to get the data from Qlik using enigma JS with node application in Chrome browser with help of this samesite attribute as none. But only facing the issue while using the Qlik extension.

512 Views
Subscribe by Topic