diff --git a/htdocs/admin/modules.php b/htdocs/admin/modules.php
index 589cf9fcb1a..3b443276509 100644
--- a/htdocs/admin/modules.php
+++ b/htdocs/admin/modules.php
@@ -29,7 +29,7 @@
  *  \brief      Page to activate/disable all modules
  */
 
-if (!defined('CSRFCHECK_WITH_TOKEN')) {
+if (!defined('CSRFCHECK_WITH_TOKEN') && (empty($_GET['action']) || $_GET['action'] != 'reset')) {	// We do not force security to disable modules so we can do it if problem
 	define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET
 }
 
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index affa435d389..266cb541c7b 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -438,15 +438,18 @@ if ((!empty($conf->global->MAIN_VERSION_LAST_UPGRADE) && ($conf->global->MAIN_VE
 
 // Creation of a token against CSRF vulnerabilities
 if (!defined('NOTOKENRENEWAL')) {
-	// Rolling token at each call ($_SESSION['token'] contains token of previous page)
-	if (isset($_SESSION['newtoken'])) {
-		$_SESSION['token'] = $_SESSION['newtoken'];
-	}
+	// No token renewal on .css.php, .js.php and .json.php
+	if (!preg_match('/\.(css|js|json)\.php$/', $_SERVER["PHP_SELF"])) {
+		// Rolling token at each call ($_SESSION['token'] contains token of previous page)
+		if (isset($_SESSION['newtoken'])) {
+			$_SESSION['token'] = $_SESSION['newtoken'];
+		}
 
-	// Save in $_SESSION['newtoken'] what will be next token. Into forms, we will add param token = newToken();
-	$token = dol_hash(uniqid(mt_rand(), true)); // Generates a hash of a random number
-	$_SESSION['newtoken'] = $token;
-	dol_syslog("NEW TOKEN reclaimed by : " . $_SERVER['PHP_SELF'], LOG_DEBUG);
+		// Save in $_SESSION['newtoken'] what will be next token. Into forms, we will add param token = $_SESSION['newtoken']
+		$token = dol_hash(uniqid(mt_rand(), true)); // Generates a hash of a random number
+		$_SESSION['newtoken'] = $token;
+		dol_syslog("NEW TOKEN generated by : " . $_SERVER['PHP_SELF'], LOG_DEBUG);
+	}
 }
 
 //dol_syslog("aaaa - ".defined('NOCSRFCHECK')." - ".$dolibarr_nocsrfcheck." - ".$conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN." - ".$_SERVER['REQUEST_METHOD']." - ".GETPOST('token', 'alpha'));