URLs generated by SAS® Stored Processes might be blocked in the web content object in SAS® Visual Analytics


Beginning with SAS® Visual Analytics 8.1, you can use web content objects to render results from SAS Stored Processes. However, in some circumstances, the following error about a blocked URL might occur:

The error says: "You attempted to access a SAS application by using the following URL: http://sasbi.demo.sas.com/SASStoredProcess/do The URL has been blocked because it came from an untrusted site, which might be attempting a malicious attack. Please contact your SAS Administrator if you think the referencing URL (http://my.webserver.company.com) should be allowed. The SAS Administrator should review the information about cross site request forgery in the SAS Intelligence Platform documentation for instructions about using the sas.web.csrf.referers.knownHosts setting to whitelist the referring URL."

This problem can occur if Cross Site Request Forgery (CSRF) protection is enabled on your SAS® server, and the SAS Visual Analytics host has not been added to the list of known hosts.

Note: For information about CSRF, see the SAS 9.4 Intelligence Platform: Middle-Tier Administration Guide.

To correct this problem, follow these steps:

1. On the SAS server, log on to SAS® Management Console with an administrative account such as sasadm@saspw.

2. On the Plug-ins tab, expand Application Management ► Configuration Manager.

3. Right-click SAS Application Infrastructure and select Properties.

4. Click the Advanced tab.

5. Edit the sas.web.csrf.referers.knownHosts property to add the host for the SAS Visual Analytics server to the list. Be sure to include the protocol (HTTP or HTTPS). In addition, the port number must be specified if the site uses port numbers other than the standard 80 for HTTP or 443 for HTTPS. End the host name with a trailing slash. Using the example from the previous display, you would add the following:

    http://my.webserver.company.com/

6. Click OK to save the properties. 

7. To enforce the change, restart the SAS servers.
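The format rules in step 5 (protocol included, port only when it is non-standard, trailing slash) are easy to get wrong by hand, so the following added example derives the entry from the referring URL shown in the error and checks an existing property value against those rules. It is not SAS code; the function names are hypothetical, and it assumes the property holds a comma-separated list of entries.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def known_host_entry(referrer_url):
    """Build the knownHosts entry for the referring URL shown in the error."""
    parts = urlsplit(referrer_url.strip())
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"need an http(s) URL with a host: {referrer_url!r}")
    host = parts.hostname  # urlsplit lowercases it and drops any path
    if ":" in host:  # IPv6 literal: restore the brackets urlsplit removed
        host = f"[{host}]"
    # Step 5: the port is required only when it is not 80 (HTTP) or 443 (HTTPS).
    if parts.port is not None and parts.port != DEFAULT_PORTS[scheme]:
        host = f"{host}:{parts.port}"
    return f"{scheme}://{host}/"  # step 5: end with a trailing slash


def lint_known_hosts(value):
    """Return (entry, problem) pairs for entries that break the step 5 rules."""
    problems = []
    for raw in value.split(","):  # assumption: comma-separated list
        entry = raw.strip()
        if not entry:
            continue
        if not entry.lower().startswith(("http://", "https://")):
            problems.append((entry, "missing protocol (http:// or https://)"))
        elif not entry.endswith("/"):
            problems.append((entry, "missing trailing slash"))
    return problems


def add_known_host(value, referrer_url):
    """Return the property value with the referrer's entry appended if absent."""
    entry = known_host_entry(referrer_url)
    existing = [e.strip() for e in value.split(",") if e.strip()]
    if entry not in existing:
        existing.append(entry)
    return ",".join(existing)
```

Add only hosts that you administer: every entry in this list is an origin whose pages are trusted to send requests to the SAS web applications.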