Please check SAP Note No. 1776571 & 1699988 in this regard.
Also, Check the properties of your BSP application and make sure that
the checkbox 'XSRF Protection' is selected. You can see more infomati
on of this functionality from below note:
Note No. 1458171 Cross-site request forgery protection for BSP
Kind Regards