Qlik Sense mashup content fails to render. Browser developer tools show error related to Access-Control-Allow-Origin header.
- Qlik Sense Enterprise, 2.2 and higher
This issue originates from the browsers parsing and handling of the web content. As a security measure browser do not allow content from multiple domains, unless the main page has been configured to allow the cross domain content. The symptom of not allowed cross domain content is that the embedded parts fail to render and the browser throws a Cross-Origin Resource Sharing (CORS) error.
The main page must have a HTTP header that allows content from the Qlik Sense host, in order for the embedded object to be allowed by the browser. The general advise on (Access-Control-Allow-Origin) HTTP header requirements are as described in below link from Mozilla Developer Network.https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORShttps://www.w3schools.com/tags/att_iframe_sandbox.asp
If the whitelist has been configured correctly in Qlik Sense, then the issue may lie in the web portal or web page hosting Qlik Sense content. Please contact web servcie provider or web server administrator for further troubleshooting and configuration.
Verify that the host is included in the whitelist (NOTE, this includes both protocol and port
in addition to host if they differ from your Qlik Sense installation. Example:
A mashup is hosted on http://localhost:8080, and Qlik Sense is hosted on https://my-sense-server.
Including "localhost" in the whitelist is not sufficient; include explicitly both the protocol and port in this case (* will not include the port):
Check also if iframe is presenting the attribute sandbox , if this is the case, be sure to include the allow-same-origin.Note: The Access-Control-Allow-Origin is deprecated as of Qlik Sense 2.2 and higher and should not be added to the additional response headers in the virtual proxy settings.