BookmarkSubscribeRSS Feed
☑ This topic is solved. Need further help from the community? Please sign in and ask a new question.
PriitL
Obsidian | Level 7

Hi!

 

We have to create a situation where user needs to see some report directly and therefore the link to exact report is placed at intranet webpage menu, for example https://web.domain.dn/somewhere/somepage. The link to the report is similar to <https://<sas_midtier_host.doman.dn>:8343/SASVisualAnalyticsViewer/?reportSBIP=SBIP://METASERVER/<longer-path-to-report>.  So, it means that referer for the sas_midtier_host is different.

 

Now, the problem is that even if I do have asterisk at sas.web.csrf.referers.knownHosts value, it still gives "The referring URL has been logged on the server. Please contact your SAS Administrator if you think the referring URL should be allowed. The SAS Administrator should review the information about cross site request forgery in the SAS Intelligence Platform documentation for instructions about using the sas.web.csrf.referers.knownHosts setting to whitelist the referring URL." 

referer-denies.PNGreferer-knownhosts-asterix.PNG

 

I remember the asterisk was typed while installing the environment:

 

referer-asterix-typed.PNG

 

The easiest solution would be turning CSFR off completely as the asterisk shouldn't restrict anybody anyway. But I'm still curious why it gives me the denial because of referer, is asterisk suitable for the cell?

 

Thanks!

 

PriitL

 

1 ACCEPTED SOLUTION

Accepted Solutions
PriitL
Obsidian | Level 7

Thank You for Your reply.

 

Still, entries "http://*/,https://*/" do not work. The entry should be "http://*.dn/,https://*.dn/" (if domain is domain.dn for example).

 

View solution in original post

2 REPLIES 2
gwootton
SAS Super FREQ
An asterisk does not meet the format set forth in the prompt for that field, so I think you'd need to do http://*/ and https://*/. I would agree if you want to permit from any host you should instead set "sas.web.csrf.referers.performCheck" to false and restart your middle tier.

Whitelist of Websites and Methods Allowed to Link to SAS Web Applications
https://go.documentation.sas.com/doc/en/bicdc/9.4/bimtag/p1xtsni38p58t3n1ljd2fy4c3joz.htm
--
Greg Wootton | Principal Systems Technical Support Engineer
PriitL
Obsidian | Level 7

Thank You for Your reply.

 

Still, entries "http://*/,https://*/" do not work. The entry should be "http://*.dn/,https://*.dn/" (if domain is domain.dn for example).

 

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

CLI in SAS Viya

Learn how to install the SAS Viya CLI and a few commands you may find useful in this video by SAS’ Darrell Barton.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 2 replies
  • 811 views
  • 1 like
  • 2 in conversation