Angular development and potential SQL injection attack: imxclient.exe.config settings help


We're working on the angular project for our v91 web portal and found out that whenever a user that only has these roles: Birthday Assingments/everyone (change and lookup) will find a potential SQL injection attack error upon login to the angular web portal. 

I've followed this thread:  RE: Potential SQL injection attack by brute-force querying the rest api  and it seems fine for a production system. But how about a development environment? In our case , we run a local apiserver with imxclient.exe that runs on localhost:8182 but we're unable to get rid of the problem. We've added that baseURL setting to imxclient.exe.config to no success. This local api server connects a database. The QBMWebApplication BaseURL for this database is, obviously, different from the baseURL in the local api server. Changed the baseURL in imxclient to match the one in the database but the problem is still there. Guys, this is really confusing. 

Furthermore, could anyone explain in depth how the settings in imxclient.exe.config work? For we've been trying to use the app server connection string in connectionsStrings and appSetings but still are unable to run searchs using the web portal that runs on the local apiserver.