Hi, We recently upgraded from AMQ 5.3.0 to AMQ 5.6.0. In version 5.6.0, CSRF protection has been added to the AMQ web console. As far as I understand, this is done through the server generating a secret key on each request to view a message/queue, which is in turn used to validate the requests. This leads to some usability issues with the AMQ web console:
1. If a user clicks back in the browser, then no actions can be made, since you then return to a cached page, with a stale secret key. 2. Say you have a dead-letter queue with 19 messages, and you want to delete 15 of them. Since deleting a message from the overview of a queue throws you back to the overview of all the queues, this could be tedious work. In 5.3.0, we went around this by holding ctrl in while clicking delete, so the redirect to the all queues overview happened in a new tab. This is no longer possible, since you can't make mulitple requests with the same secret key. Due to this, and the fact that the AMQ console is located on an intranet and we no real need for CSRF protection, I would like to disable it altogether. But is this possible? (I have tried to get the console to enforce a reload of the page when the user clicks the back-button, but can't get it to work..) -Tobb -- View this message in context: http://activemq.2283324.n4.nabble.com/Disabling-CSRF-protection-tp4659303.html Sent from the ActiveMQ - User mailing list archive at Nabble.com.
