diff --git a/htdocs/admin/system/dolibarr.php b/htdocs/admin/system/dolibarr.php
index 55a46e9f347..1f34c23c8dc 100644
--- a/htdocs/admin/system/dolibarr.php
+++ b/htdocs/admin/system/dolibarr.php
@@ -395,7 +395,14 @@ foreach ($configfileparameters as $key => $value)
$valuetoshow = ${$newkey};
if (empty($valuetoshow)) {
- print img_warning($langs->trans('SwitchThisForABetterSecurity'));
+ print img_warning($langs->trans('SwitchThisForABetterSecurity', 1));
+ }
+ } elseif ($newkey == 'dolibarr_nocsrfcheck') {
+ print ${$newkey};
+
+ $valuetoshow = ${$newkey};
+ if (!empty($valuetoshow)) {
+ print img_warning($langs->trans('SwitchThisForABetterSecurity', 0));
}
} else {
print ${$newkey};
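Review bot: In the new `elseif ($newkey == 'dolibarr_nocsrfcheck')` branch the value is read twice, once for `print ${$newkey};` and again two lines later for `$valuetoshow = ${$newkey};`; one assignment before the print is enough, `$valuetoshow = ${$newkey}; print $valuetoshow;`. The `0` passed as second argument fills the `%s` of SwitchThisForABetterSecurity, so the recommended value is now stated per parameter, and a one-line comment above the branch would make the reason visible to the next reader: `// dolibarr_nocsrfcheck set to 1 disables the CSRF token check in main.inc.php, so warn when it is non-empty`. The `!empty()` test treats the string '0' as unset, which matches that intent. The enclosing if/elseif chain begins before the hunk.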
diff --git a/htdocs/admin/tools/listevents.php b/htdocs/admin/tools/listevents.php
index 23cd5fb5f0a..84fe534f473 100644
--- a/htdocs/admin/tools/listevents.php
+++ b/htdocs/admin/tools/listevents.php
@@ -235,6 +235,20 @@ if ($result)
print $form->formconfirm($_SERVER["PHP_SELF"].'?noparam=noparam', $langs->trans('PurgeAuditEvents'), $langs->trans('ConfirmPurgeAuditEvents'), 'confirm_purge', $formquestion, 'no', 1);
}
+ // Check some parameters
+ // TODO Add a tab with this and other information
+ /*
+ global $dolibarr_main_prod, $dolibarr_nocsrfcheck;
+ if (empty($dolibarr_main_prod)) {
+ print $langs->trans("Warning").' dolibarr_main_prod = '.$dolibarr_main_prod;
+ print ' '.img_warning($langs->trans('SwitchThisForABetterSecurity', 1)).'
';
+ }
+ if (!empty($dolibarr_nocsrfcheck)) {
+ print $langs->trans("Warning").' dolibarr_nocsrfcheck = '.$dolibarr_nocsrfcheck;
+ print ' '.img_warning($langs->trans('SwitchThisForABetterSecurity', 0)).'
';
+ }
+ */
+
print '
';
print '
';
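Review bot: The block added after the formconfirm call is commented-out code rather than a comment, and it duplicates the dolibarr_main_prod / dolibarr_nocsrfcheck warnings that dolibarr.php now renders, so the two copies will drift apart. Keep only the TODO and drop the `/* … */` body, for example `// TODO Add a tab showing dolibarr_main_prod and dolibarr_nocsrfcheck with the same security warnings as admin/system/dolibarr.php`; if the check is wanted on this page it should be live code, not a stash. The enclosing `if ($result)` begins before the hunk.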
diff --git a/htdocs/core/ajax/check_notifications.php b/htdocs/core/ajax/check_notifications.php
index f8a30e69aa9..098ac586ce1 100644
--- a/htdocs/core/ajax/check_notifications.php
+++ b/htdocs/core/ajax/check_notifications.php
@@ -101,7 +101,7 @@ $eventfound = array();
//dol_syslog('time='.$time.' $_SESSION[auto_ck_events_not_before]='.$_SESSION['auto_check_events_not_before']);
// TODO Try to make a solution with only a javascript timer that is easier. Difficulty is to avoid notification twice when several tabs are opened.
-// This need to extend period to be sure to not miss and save in session what we notified to avoid duplicate (save is not done yet).
+// This need to extend period to be sure to not miss and save in session what we notified to avoid duplicate.
if ($time >= $_SESSION['auto_check_events_not_before'] || GETPOST('forcechecknow', 'int'))
{
$time_update = (int) $conf->global->MAIN_BROWSER_NOTIFICATION_FREQUENCY; // Always defined
diff --git a/htdocs/core/ajax/constantonoff.php b/htdocs/core/ajax/constantonoff.php
index 456542e331e..f7aab4d02e0 100644
--- a/htdocs/core/ajax/constantonoff.php
+++ b/htdocs/core/ajax/constantonoff.php
@@ -46,7 +46,7 @@ top_httphead();
//print ''."\n";
-// Registering the location of boxes
+// Registering the new value of constant
if (!empty($action) && !empty($name))
{
$entity = GETPOST('entity', 'int');
@@ -62,4 +62,6 @@ if (!empty($action) && !empty($name))
dolibarr_del_const($db, $name, $entity);
}
}
+} else {
+ http_response_code(403);
}
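Review bot: The new `else` branch answers 403 when `$action` or `$name` is empty, but a missing parameter is a malformed request rather than a refused one; `http_response_code(400);` describes it better, unless every incomplete call is deliberately treated as forbidden. No body is sent either way, so the JavaScript caller's `.fail` handler can only reload the page; a short comment above the branch would record the intent, `// Missing action or name: reject the call without touching any constant`. The `if (!empty($action) && !empty($name))` this branch belongs to opens in the previous hunk.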
diff --git a/htdocs/core/js/lib_head.js.php b/htdocs/core/js/lib_head.js.php
index 3521c3ed0f4..b95d3d18f6c 100644
--- a/htdocs/core/js/lib_head.js.php
+++ b/htdocs/core/js/lib_head.js.php
@@ -529,7 +529,7 @@ function hideMessage(fieldId,message) {
* @param string token Token
*/
function setConstant(url, code, input, entity, strict, forcereload, userid, token) {
- $.get( url, {
+ $.post( url, {
action: "set",
name: code,
entity: entity,
@@ -585,7 +585,7 @@ function setConstant(url, code, input, entity, strict, forcereload, userid, toke
if (forcereload) {
location.reload();
}
- });
+ }).fail(function(error) { location.reload(); }); /* When it fails, we always force reload to have setEventErrorMEssage in session visible */
}
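Review bot: The `.fail` handler added to setConstant ignores its `error` argument and reloads unconditionally, so a transport error (server unreachable) and a rejected request (for example the 403 that constantonoff.php now returns) are handled identically, and the reload discards any unsaved state on the page. At minimum drop the unused parameter and fix the comment, `}).fail(function() { location.reload(); }); /* On failure, reload so the error message saved in session is shown */`; if the two cases should differ, the first argument is the jqXHR and its `status` can be inspected before reloading. The same handler is added to delConstant in the last hunk of this file.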
/*
@@ -602,7 +602,7 @@ function setConstant(url, code, input, entity, strict, forcereload, userid, toke
* @param string token Token
*/
function delConstant(url, code, input, entity, strict, forcereload, userid, token) {
- $.get( url, {
+ $.post( url, {
action: "del",
name: code,
entity: entity,
@@ -654,7 +654,7 @@ function delConstant(url, code, input, entity, strict, forcereload, userid, toke
if (forcereload) {
location.reload();
}
- });
+ }).fail(function(error) { location.reload(); }); /* When it fails, we always force reload to have setEventErrorMEssage in session visible */
}
/*
diff --git a/htdocs/core/lib/ajax.lib.php b/htdocs/core/lib/ajax.lib.php
index 55280d87388..6b77003e52e 100644
--- a/htdocs/core/lib/ajax.lib.php
+++ b/htdocs/core/lib/ajax.lib.php
@@ -518,7 +518,7 @@ function ajax_constantonoff($code, $input = array(), $entity = null, $revertonof
var userid = \''.$user->id.'\';
var yesButton = \''.dol_escape_js($langs->transnoentities("Yes")).'\';
var noButton = \''.dol_escape_js($langs->transnoentities("No")).'\';
- var token = \''.newToken().'\';
+ var token = \''.currentToken().'\';
// Set constant
$("#set_" + code).click(function() {
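Review bot: The token is interpolated into the generated JavaScript as a bare single-quoted string, while the neighbouring `yesButton`/`noButton` values go through `dol_escape_js()`; for consistency write `var token = \''.dol_escape_js(currentToken()).'\';`. If currentToken() only ever returns an alphanumeric value the escape is a no-op, but it keeps the inline script well-formed should the token format change. ajax_constantonoff's body starts before the hunk.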
diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang
index df50afc69ac..4c529329c4c 100644
--- a/htdocs/langs/en_US/admin.lang
+++ b/htdocs/langs/en_US/admin.lang
@@ -2056,4 +2056,4 @@ TemplateAdded=Template added
TemplateUpdated=Template updated
TemplateDeleted=Template deleted
MailToSendEventPush=Template for event reminder emails
-SwitchThisForABetterSecurity=Switching this value to 1 is recommended for more security
+SwitchThisForABetterSecurity=Switching this value to %s is recommended for more security
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index c35ccbf5994..94b0d0bbad5 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -348,10 +348,9 @@ if (!defined('NOTOKENRENEWAL'))
$_SESSION['newtoken'] = $token;
}
-//var_dump(GETPOST('token').' '.$_SESSION['token'].' - '.newToken().' '.$_SERVER['SCRIPT_FILENAME']);
+//dol_syslog("aaaa - ".defined('NOCSRFCHECK')." - ".$dolibarr_nocsrfcheck." - ".$conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN." - ".$_SERVER['REQUEST_METHOD']." - ".GETPOST('token', 'alpha').' '.$_SESSION['token']);
//$dolibarr_nocsrfcheck=1;
// Check token
-//var_dump((! defined('NOCSRFCHECK')).' '.empty($dolibarr_nocsrfcheck).' '.(! empty($conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN)).' '.$_SERVER['REQUEST_METHOD'].' '.(! GETPOSTISSET('token')));
if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && !empty($conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN))
|| defined('CSRFCHECK_WITH_TOKEN')) // Check validity of token, only if option MAIN_SECURITY_CSRF_WITH_TOKEN enabled or if constant CSRFCHECK_WITH_TOKEN is set
{
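Review bot: The replacement debug line, if ever uncommented, writes both the request token (`GETPOST('token', 'alpha')`) and the session CSRF token (`$_SESSION['token']`) into the syslog in clear, which is the same exposure the removed var_dump lines had, and it carries an `aaaa` placeholder prefix. Prefer a line that records the outcome without the values, e.g. `//dol_syslog("CSRF check - method=".$_SERVER['REQUEST_METHOD']." nocsrfcheck=".(int) !empty($dolibarr_nocsrfcheck)." token ".(GETPOST('token', 'alpha') === $_SESSION['token'] ? 'matches' : 'differs'));`. The `if` that follows continues past the end of the hunk.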
@@ -939,8 +938,7 @@ if (!defined('NOLOGIN'))
$user->getrights();
}
-
-dol_syslog("--- Access to ".$_SERVER["PHP_SELF"].' - action='.GETPOST('action', 'aZ09').', massaction='.GETPOST('massaction', 'aZ09'));
+dol_syslog("--- Access to ".$_SERVER["REQUEST_METHOD"].' '.$_SERVER["PHP_SELF"].' - action='.GETPOST('action', 'aZ09').', massaction='.GETPOST('massaction', 'aZ09'));
//Another call for easy debugg
//dol_syslog("Access to ".$_SERVER["PHP_SELF"].' GET='.join(',',array_keys($_GET)).'->'.join(',',$_GET).' POST:'.join(',',array_keys($_POST)).'->'.join(',',$_POST));