The ProblemPOST /my/post/url HTTP/1.1] org.apache.sling.security.impl.ReferrerFilter Rejected empty referrer header for POST request to /my/post/url
The SolutionThe problem here is that you are not correctly spoofing the Referer address. To avoid this problem when testing, you can disable Referer filter checking by going to localhost:/4502/system/console/components, go to Apache Sling Referrer Filter, and check the "Allow Empty" checkbox.
This will disable the referrer security check in CQ5 for your developer instance.
NOTE: DO NOT DO THIS FOR PUBLICLY ACCESSIBLE CQ5/AEM INSTANCES AS IT POSES A SECURITY RISK