Index: t3lib/class.t3lib_pagerenderer.php
===================================================================
--- t3lib/class.t3lib_pagerenderer.php	(Revision 10192)
+++ t3lib/class.t3lib_pagerenderer.php	(Arbeitskopie)
@@ -945,9 +945,12 @@
 	 * @return void
 	 */
 	public function addExtDirectCode() {
-		$formprotection = t3lib_formprotection_Factory::get('t3lib_formprotection_BackendFormProtection');
-		$token = $formprotection->generateToken('extDirect');
-		$formprotection->persistTokens();
+		$token = '';
+		if (TYPO3_MODE === 'BE') {
+			$formprotection = t3lib_formprotection_Factory::get('t3lib_formprotection_BackendFormProtection');
+			$token = $formprotection->generateToken('extDirect');
+			$formprotection->persistTokens();
+		}
 
 			// Note: we need to iterate thru the object, because the addProvider method
 			// does this only with multiple arguments
Index: t3lib/extjs/class.t3lib_extjs_extdirectrouter.php
===================================================================
--- t3lib/extjs/class.t3lib_extjs_extdirectrouter.php	(Revision 10192)
+++ t3lib/extjs/class.t3lib_extjs_extdirectrouter.php	(Arbeitskopie)
@@ -77,7 +77,8 @@
 			$request = array($request);
 		}
 
-		$validToken = FALSE;
+		$backendUserExists = is_object($GLOBALS['BE_USER']);
+		$validToken = !$backendUserExists;
 		$firstCall = TRUE;
 		foreach ($request as $index => $singleRequest) {
 			$response[$index] = array(
@@ -87,7 +88,7 @@
 			);
 
 			$token = array_pop($singleRequest->data);
-			if ($firstCall) {
+			if ($firstCall && $backendUserExists) {
 				$firstCall = FALSE;
 				$formprotection = t3lib_formprotection_Factory::get('t3lib_formprotection_BackendFormProtection');
 				$validToken = $formprotection->validateToken($token, 'extDirect');