Look like here at my company, we are affected by the same exact behavior @eab described in this thread...
Like @eab, as an enterprise customer, I am very surprised that problem stay in « backlog », since to be able to use services listening on « localhost » for all of our developer's, it imply to disable completely the WAP security on all of our Linux clients running the product...
I am now following this topic, thanks to @eab for the detailed behavior described here...