Skip to main content

Qlik

cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Launches Open Lakehouse and advanced agentic AI experience in Qlik Answers! | LEARN MORE
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
carloelan42
Contributor
‎2022-05-19 05:14 AM

Impossible to embed iframes because of CSP ancestor policy

I need to embed a Qlik Sense App in an external webpage (mashup), accessible without authentication.

According to this:
https://community.qlik.com/t5/Knowledge/Qlik-Sense-SaaS-does-not-display-in-a-frame-because-an-ances...

"The correct way is to add the hostname of the server that hosts the mashup as frame-ancestors in Content Security Policy in the console".

I set up a CSP policy with such hostname (I tried different combinations: the techinical hostname of the Linux server, the public domain, and the subdomain which is the one actually serving the iframe), but in all cases the error in the JS console is the same:

Refused to frame 'https://login.qlik.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'none'".

So, why "none"? Shouldn't it be the hostname that I specify?

Anyway, as stated at the beginning, I just need a way to embed an iframe without asking for user login. Thank you and kind regards.
Labels (1)
Labels
2 users say ditto
1,540 Views
0 Likes
3 Replies
Andrew_Delaney
Support
‎2022-05-30 09:16 AM

This suggests that there may be something else that is injecting the CSP header and overwriting the Qlik Sense setting.

 

Are you able to try connecting using a different net connection or outside of a VPN?

1,482 Views
0 Likes
Hinovia
Contributor
‎2022-05-30 09:46 AM

Hello,
We tried with different locations and there is no VPN involved.

1,475 Views
0 Likes
Andrew_Delaney
Support
‎2022-06-09 09:40 AM

Can you share what CSP you have entered in the console?

1,462 Views
0 Likes
Top