ERROR
JavaLogger potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:127.0.0.1, method:POST, uri:/carbon/admin/login_action.jsp, error:required token is missing from the request)
Solution
Downgrade JDK to 1.8.0_144;
if you cannot proceed with the downgrade, so you can disable the compression in Tomcat
repository/conf/tomcat/catalina-server.xml,
switching compression to "off"
instead of the default which is "on".
