Requests sent to external modules, the Qlik Sense Repository Service (QRS), Qlik Management Console (QMC), and Qlik Sense Engine Service (QES) have the X-Qlik-Security header injected.
The header has the following format:
X-Qlik-Security: SecureRequest=true; Context=ManagementAccess; TicketAttribute1=TicketValue1; TicketAttribute2=; … TicketAttributen=TicketValuen; LicenseContext=ProfessionalAccess;
where:
- SecureRequest: True or false
- Context: ManagementAccess (for QMC access) or AppAccess (for QES access)
- TicketAttributex and TicketValuex are the ones posted along with the user ID via the Authentication API when Authentication modules create tickets for users. Ticket attributes with empty values use the “=” (equal) sign (for example, see TicketAttribute2 above).
-
LicenseContext: ProfessionalAccess, AnalyzerAccess , UserAccess, LoginAccess, or AnalyzerTimeAccess. This field contains information about the access pass (if any) allocated to the user for the current request. See Access passes for more information.
If the Extended security environment setting has been enabled in the QMC, the header has the following format:
X-Qlik-Security: OS=Windows; Device=Default; Browser=Chrome 21.0.1180.79; SecureRequest=true; IP=10.88.3.35; Context=ManagementAccess; TicketAttribute1=TicketValue1; TicketAttribute2=; … TicketAttributen=TicketValuen; LicenseContext=ProfessionalAccess;
where:
- OS: Windows, Linux, Mac OS X, or Unknown
- Device: iPhone, iPad, or Default
- Browser: Chrome, Firefox, Safari, MSIE, or Unknown followed by version number
- IP: IP number