diff --git a/htdocs/core/js/lib_notification.js.php b/htdocs/core/js/lib_notification.js.php
index aa9dd989c10..19540912049 100644
--- a/htdocs/core/js/lib_notification.js.php
+++ b/htdocs/core/js/lib_notification.js.php
@@ -102,7 +102,7 @@ function check_events() {
var newToken = 'notrequired';
const allMeta = document.getElementsByTagName("meta");
for (let i = 0; i < allMeta.length; i++) {
- if (allMeta[i].getAttribute("name") == 'anti-csrf-token') {
+ if (allMeta[i].getAttribute("name") == 'anti-csrf-currenttoken') {
newToken = allMeta[i].getAttribute('content');
console.log("newToken in page = "+newToken);
}
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index b01db102bff..1dd9eb35c04 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -501,7 +501,7 @@ if ((!empty($conf->global->MAIN_VERSION_LAST_UPGRADE) && ($conf->global->MAIN_VE
// Creation of a token against CSRF vulnerabilities
if (!defined('NOTOKENRENEWAL') && !defined('NOSESSION')) {
- // No token renewal on .css.php, .js.php and .json.php
+ // No token renewal on .css.php, .js.php and .json.php (even if the NOTOKENRENEWAL was not provided)
if (!preg_match('/\.(css|js|json)\.php$/', $_SERVER["PHP_SELF"])) {
// Rolling token at each call ($_SESSION['token'] contains token of previous page)
if (isset($_SESSION['newtoken'])) {
@@ -1561,7 +1561,8 @@ function top_htmlhead($head, $title = '', $disablejs = 0, $disablehead = 0, $arr
print ''."\n"; // Do not index
print ''."\n"; // Scale for mobile device
print ''."\n";
- print ''."\n";
+ print ''."\n";
+ print ''."\n";
if (getDolGlobalInt('MAIN_FEATURES_LEVEL')) {
print ''."\n";
}