The QlikView Management Console denies access due to an Invalid cross-site request forgery token.Environment:
QlikView November 2018 (12.30) IR and SR1
After an upgrade, or fresh installation of QlikView November 2018 (12.30), access to the Management Console fails with:Invalid request parameter. Please refer to the QMS logs for more information
The QlikView Management Service logs read:Error Request failed: System.Security.SecurityException: Invalid cross-site request forgery token. IP address of the sender: ::1 || at QMS.BackstageWebServer.PreventCrossSiteRequestForgery(HttpListenerRequest request, XmlDocument document) || at QMS.BackstageWebServer.HandleRequest(HttpListenerContext context) || The Zone of the assembly that failed was ....
This was a software defect which has been addressed in the 12.40 Initial Release and later versions.
Option 1: Disable Automatic refresh of task list
in the QMC -> Status -> Tasks tab at the bottom right of the window.
Option 2 (not recommended): Disable Cross Site Request Forgery prevention following QlikView Management Console : Enable Cross site scripting protection
, setting it from TRUE to FALSE. While not recommended, this step can be used to verify if the issue is caused by Cross Site Request Forgery prevention being enabled. ! This is currently being investigated as a defect, and actively being worked on. Information provided on this defect is given as is at the time of documenting. For up to date information, please review the most recent Release Notes, or contact support with the ID QV-15432 for reference.