Unable to view or create Oozie workflows in Hue on a Knox-secured cluster

If you are unable to view Oozie workflow actions, such as "HiveServer2 Script" or "Shell Script" on the Oozie Editor page in Hue on a Knox-secured cluster, then check the Hue logs for the following warning: "POST /desktop/log_js_error HTTP/1.1" --- Referer checking failed - https://[***FQDN***]:[***PORT***]/oozie//editor/workflow/new does not match any trusted origins.. To fix this issue, add the Oozie server URL to the trusted_origins property in the Hue Advanced Configuration Snippet.

When you set up Knox on your CDP cluster, Knox authenticates access or requests from other services and applications. If you specify the Oozie server URL in the trusted_origins property, Knox can check that the incoming request is from a trusted source (Oozie) and approves access, allowing you to view and create Oozie workflows from Hue.

Log in to Cloudera Manager as an Administrator.
Go to Clusters > Hue service > Configuration > Hue Service Advanced Configuration Snippet (Safety Valve) for hue_safety_valve.ini.

Add the Oozie server URL in the trusted_origins property under the desktop section as follows:

[desktop]
[[session]]
# Comma-separated list of Oozie nodes and Oozie ports
# for each Oozie instance
trusted_origins=[***OOZIE-NODE1***]:[***OOZIE-PORT1***], [***OOZIE-NODE2***]:[***OOZIE-PORT2***],...

For example:

[desktop]
[[session]]
# Comma-separated list of Oozie nodes and Oozie ports
# for each Oozie instance
trusted_origins=localhost:11000

Click Save Changes.
Restart the Hue service.