RFC 6454 Origin Checking, which protects against cross-site request forging, is enabled by default.
checkOrigin=falseIf multiple Connection Servers or security servers are load balanced, you must specify the load balancer address by adding the following entry to the file locked.properties. Port 443 is assumed for this address.
If clients will be connecting through Access Point, you must specify the Access Point addresses in the file locked.properties. Port 443 is assumed for these addresses. For example:
Do the same if you want to provide access to a Connection Server or security server by a name that is different from the one that is specified in the External URL.
When this option is enabled, connections to View can be made only to the address given in the external URL, to the balancedHost address, any portalHost address, or to localhost.