We have to create a situation where user needs to see some report directly and therefore the link to exact report is placed at intranet webpage menu, for example https://web.domain.dn/somewhere/somepage. The link to the report is similar to <https://<sas_midtier_host.doman.dn>:8343/SASVisualAnalyticsViewer/?reportSBIP=SBIP://METASERVER/<longer-path-to-report>. So, it means that referer for the sas_midtier_host is different.
Now, the problem is that even if I do have asterisk at sas.web.csrf.referers.knownHosts value, it still gives "The referring URL has been logged on the server. Please contact your SAS Administrator if you think the referring URL should be allowed. The SAS Administrator should review the information about cross site request forgery in the SAS Intelligence Platform documentation for instructions about using the sas.web.csrf.referers.knownHosts setting to whitelist the referring URL."
I remember the asterisk was typed while installing the environment:
The easiest solution would be turning CSFR off completely as the asterisk shouldn't restrict anybody anyway. But I'm still curious why it gives me the denial because of referer, is asterisk suitable for the cell?
An asterisk does not meet the format set forth in the prompt for that field, so I think you'd need to do http://*/ and https://*/. I would agree if you want to permit from any host you should instead set "sas.web.csrf.referers.performCheck" to false and restart your middle tier.