RFC 6454 Origin Checking, which protects against cross-site request forging, is enabled by default.
In earlier releases, this protection was disabled by default.
You can disable this protection by adding the following entry to the file locked.properties:
If multiple Connection Servers or security servers are load balanced, you must specify the load balancer address by adding the following entry to the file locked.properties. Port 443 is assumed for this address.
If clients will be connecting through Access Point, you must specify the Access Point addresses in the file locked.properties. Port 443 is assumed for these addresses. For example:
Do the same if you want to provide access to a Connection Server or security server by a name that is different from the one that is specified in the External URL.
When this option is enabled, connections to View can be made only to the address given in the external URL, to the balancedHost address, any portalHost address, or to localhost.