How to solve the The CSRF token endpoint has returned status code 'BadRequest' without a CSRF token header problem
FIRST CREATED ON 21 May 2025 I AUTHOR Emma Camacho
The error The CSRF token endpoint has returned status code 'BadRequest' without a CSRF token header when adding a new Qlik Sense Server Datasource using the Authentication Type Impersonation (Section Access) shows up when the Qlik Sense Virtual Proxy does not have the name of the server specified in the Host Allow List.
Resolution
Add the server's name to the Host Allow List in the Qlik Sense Virtual Proxy that is used in the Datasource definition in Mail & Deploy's management console.
Datasource definition
Virtual Proxy
If you cannot find a solution following this guidance, please SUBMIT A TICKET to our support. We are happy to help!

Looking for Additional Guidance?
If you require more detailed information or further assistance, please visit our comprehensive Online Documentation. Our resources are designed to help you navigate all features and functionalities effectively.