When integrating Qlik Sense with a website, you see the following CORS error:
Response to preflight request doesn't pass access control check: It does not have a HTTP Ok status.
The result is that Qlik Sense’s APIs will fail, and you may see 404 not found messages in web debugging tools even though Access-Control-Allow-Origin settings are correct.
Environment:
Cause:
If an additional CSRF protection is enabled in a third-party library that is running on top of Qlik Sense, and there is an issue with its configuration, you may get the before mentioned error. You can test if this is the case by running Chrome without web security enabled as so:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --user-data-dir="C://Chrome dev session" --disable-web-security
If after disabling web security, everything works, then the CSRF protection in the third-party library is responsible.
Resolution:
Disable the CSRF protection used by any third-party libraries running on top of the Qlik Sense API.