When clicking the On-Demand button an error is thrown for IE but not for other browsers:
Status code:403 Forbidden
Response:"title": "Forbidden", "description": "REVEL_CSRF: token mismatch."
This only happens for a few customers; most customers have no trouble with IE. Instances of IE at Qlik work fine with NPrinting On-Demand.
Environment:
- Qlik NPrinting all versions
R&D has classified this as a third-party bug, so we are unable to fix it. We have provided an entry in our September 2017 NPrinting release notes:
"On-Demand works for Chrome not for Internet Explorer"
Jira issue ID: OP-5908
The custom HTTP header X-XSRF-TOKEN must be added to match the value in the cookie to allow validation from the proxy.
The explanation from R&D:
The problem is not really the X-XSRF-TOKEN in this case, rather it is the “origin”-header in the request that is missing. This should be done automatically by the browser. Chrome, FF and most versions of IE comply. Why IE11 fails in some cases is not really clear; there are numerous suggestions, but it all seems to boil down to how the environment is set up with security/policies, what version of IE11 you use and how IE is configured.
If the origin header is not present, NP will try to validate against XSRF and this is not present in the request since it should not be required. Adding the origin header manually seems tricky if possible at all since the header is not a custom one but one that the browser handles.
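The decision R&D describes above, sketched in Go as an added example (this is not Qlik NPrinting or Revel code): a request with a matching Origin header is accepted, and one without it must carry an X-XSRF-TOKEN header equal to the token cookie. The cookie name `XSRF-TOKEN`, the allowed-origin comparison, the hostnames, the token values and the "origin mismatch" text are assumptions.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// checkCSRF: a matching Origin header is accepted; without one, X-XSRF-TOKEN must
// equal the token cookie. Cookie name and "origin mismatch" text are assumptions.
func checkCSRF(r *http.Request, allowedOrigin string) (int, string) {
	if origin := r.Header.Get("Origin"); origin != "" {
		if origin == allowedOrigin {
			return http.StatusOK, "origin accepted"
		}
		return http.StatusForbidden, "origin mismatch"
	}
	// No Origin header (the failing IE11 case): the token pair is now required.
	cookie, err := r.Cookie("XSRF-TOKEN")
	header := r.Header.Get("X-XSRF-TOKEN")
	if err != nil || header == "" ||
		subtle.ConstantTimeCompare([]byte(cookie.Value), []byte(header)) != 1 {
		return http.StatusForbidden, "REVEL_CSRF: token mismatch."
	}
	return http.StatusOK, "token accepted"
}

func request(origin, cookieTok, headerTok string) *http.Request {
	r := httptest.NewRequest(http.MethodPost, "https://nprinting.example/ondemand", nil)
	if origin != "" {
		r.Header.Set("Origin", origin)
	}
	if cookieTok != "" {
		r.AddCookie(&http.Cookie{Name: "XSRF-TOKEN", Value: cookieTok})
	}
	if headerTok != "" {
		r.Header.Set("X-XSRF-TOKEN", headerTok)
	}
	return r
}

func main() {
	const allowed = "https://sense.example" // constructed values throughout
	for _, r := range []*http.Request{request(allowed, "", ""),
		request("", "tok123", ""), request("", "tok123", "tok123")} {
		code, msg := checkCSRF(r, allowed)
		fmt.Println(code, msg) // Origin sent; IE11 case; header matches cookie
	}
}
```

The second request reproduces the reported failure: the cookie is present, but with neither an Origin header nor an X-XSRF-TOKEN header the check ends in the 403 token mismatch.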
For more information on this topic:
1. Use Chrome instead of IE. If Chrome does not work, please try Firefox.
2. Another possible solution can be found in this Qlik Community post.
3. Ultimately, it will be necessary to find out why Internet Explorer in the specific environment is not including the Origin header. This is likely due to environment-specific security policies. At least one setting has been found to prevent the Origin header from being added: "Access data sources across domains" = Enabled. As a workaround, disable this setting.