When trying to cancel shutdown mode via
Cancel link of Build Queue
POST is required for jenkins.model.Jenkins.doCancelQuietDown
together with a Try POSTing button.
If the Try POSTing button is pressed cancel is working with CSRF protection disabled.
But with CSRF protection enabled (in Manage->Configure Global Security) after the Try POSTing button Jenkins shows
error which effectively means there is currently no way to cancel from shutdown mode if CSRF protection is enabled.