The QlikView Management Console denies access due to an Invalid cross-site request forgery token.
Environment:
After an upgrade, or fresh installation of QlikView November 2018 (12.30), access to the Management Console fails with:
Invalid request parameter. Please refer to the QMS logs for more information
The QlikView Management Service logs read:
Error Request failed: System.Security.SecurityException: Invalid cross-site request forgery token. IP address of the sender: ::1 || at QMS.BackstageWebServer.PreventCrossSiteRequestForgery(HttpListenerRequest request, XmlDocument document) || at QMS.BackstageWebServer.HandleRequest(HttpListenerContext context) || The Zone of the assembly that failed was ....
Resolution
This is solved in QlikView 12.40.20000 (April 2019).
Workaround:
Option 1: Disable Automatic refresh of task list in the QMC -> Status -> Tasks tab at the bottom right of the window.
Option 2 (not recommended): Disable Cross Site Request Forgery prevention following QlikView Management Console : Enable Cross site scripting protection, setting it from TRUE to FALSE. While not recommended, this step can be used to verify if the issue is caused by Cross-Site Request Forgery prevention being enabled.
