QlikView Management Console access denied: Invalid request parameter due to cross-site request forgery token.

Sonja_Bauernfeind — Tue, 22 Jun 2021 15:08:16 GMT

The QlikView Management Console denies access due to an Invalid cross-site request forgery token.

Environment:

After an upgrade, or fresh installation of QlikView November 2018 (12.30), access to the Management Console fails with:

Invalid request parameter. Please refer to the QMS logs for more information

The QlikView Management Service logs read:

Error Request failed: System.Security.SecurityException: Invalid cross-site request forgery token. IP address of the sender: ::1 || at QMS.BackstageWebServer.PreventCrossSiteRequestForgery(HttpListenerRequest request, XmlDocument document) || at QMS.BackstageWebServer.HandleRequest(HttpListenerContext context) || The Zone of the assembly that failed was ....

Resolution

This is solved in QlikView 12.40.20000 (April 2019).

Workaround:

Option 1: Disable Automatic refresh of task list in the QMC -> Status -> Tasks tab at the bottom right of the window.

Option 2 (not recommended): Disable Cross Site Request Forgery prevention following QlikView Management Console : Enable Cross site scripting protection, setting it from TRUE to FALSE. While not recommended, this step can be used to verify if the issue is caused by Cross-Site Request Forgery prevention being enabled.

article QlikView Management Console access denied: Invalid request parameter due to cross-site request forgery token. in Official Support Articles

QlikView Management Console access denied: Invalid request parameter due to cross-site request forgery token.

Environment:

Resolution