By default, protection against cross-site request forging is disabled.
You can enable this protection by adding the following entry to the file locked.properties:
If multiple Connection Servers or security servers are load balanced, you must specify the load balancer address by adding the following entry to the file locked.properties. Port 443 is assumed for this address.
When this option is enabled, connections to View can be made only to the address given in the external URL, to the balancedHost address, or to localhost.