In SugarCRM 8.0.1, I am trying to make a new, unregistered action work.
The action is a form and has been added to my custom module. I am trying to reach it from itself in the following manner so that on form submission, the form-data is sent back to itself (aka, the action link leads back to the same page the form is on):
<form method="POST" name="ConfigureSettings" action="#bwc/index.php?module=CustomModule&action=newAction">
Based on SugarCRM Support's Troubleshooting Cross-Site Forgery Messages, the way to add an additional action is as follows:
To add the unregistered action as an allowed action (e.g. custom module), add the following line of code to the config_override.php file:
$sugar_config['http_referer']['actions'] = array( 'index', 'ListView', 'DetailView', 'EditView', 'oauth', 'authorize', 'Authenticate', 'Login', 'SupportPortal', 'bad_action' );
Doing this alone does not work, and trying to save my changes or cancel editing my form will still lead to the same error:
Cross Site Request Forgery (XSRF) Attack Detected
Form authentication failure (CustomModule -> newAction). Contact your administrator.
Is there something I have to edit in the $sugar_config to relate it to my specific action? I tried changing bad_action to newAction, but to no avail.
Found a workaround here which will just log the error rather than abort the action, and it proves that my form is working correctly, in that I am led back to the same page and the form has been updated.
Unfortunately, this is not a solution to my problem because this is unsafe for a production instance, and I am still not sure why I'm getting the error in the first place as I am not redirecting to a site outside of the instance.
Turns out that the HTML form needs to be separated from the PHP file by using a Template file and Smarty tags to replace the instances of PHP in the Template file.
Did the above, then included the {sugar_csrf_form_token} mentioned here in the Template file, and it's working correctly now.
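A sketch of the layout the answer describes, added here as an illustration and not the poster's actual code: a view class that hands rendering to a Smarty template, with the template shown in the leading comment. The file paths, class name, `setting_value` field and `custom_module.setting_value` config key are assumptions made for the example.

```php
<?php
// Hypothetical file: modules/CustomModule/views/view.newaction.php
//
// Hypothetical template: modules/CustomModule/tpls/newAction.tpl
//
//   <form method="POST" name="ConfigureSettings"
//         action="#bwc/index.php?module=CustomModule&action=newAction">
//       {* Emits the hidden per-session token field that the form
//          authentication check expects on POST *}
//       {sugar_csrf_form_token}
//       <input type="text" name="setting_value"
//              value="{$SETTING_VALUE|escape:'html'}">
//       <input type="submit" name="save" value="Save">
//   </form>

if (!defined('sugarEntry') || !sugarEntry) {
    die('Not A Valid Entry Point');
}

class CustomModuleViewNewaction extends SugarView
{
    public function display()
    {
        // Values that inline PHP used to echo into the HTML are assigned
        // to Smarty instead, so the template contains no PHP.
        // The config key is an assumption for this example.
        $current = SugarConfig::getInstance()->get('custom_module.setting_value', '');
        $this->ss->assign('SETTING_VALUE', $current);

        // Render through Sugar's Smarty instance so that
        // {sugar_csrf_form_token} is resolved by the plugin.
        echo $this->ss->fetch('modules/CustomModule/tpls/newAction.tpl');
    }
}
```

With the token coming from the template, the setting that only logs the failure can be removed again, so a POST without a valid token is rejected as intended.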