Hi!

> I would like to hear ideas/comments before I write a patch for this.
> https://wiki.php.net/rfc/automatic_csrf_protection

Could you explain a bit more - when does token validation happen? Where does the
SESSCSRF come from? Does this mean that every session application now
has to support URL rewrite? What happens with applications that do not
produce HTML at all, such as REST, or those that produce data further
modified by a JavaScript frontend?

-- 
Stas Malyshev
smalys...@gmail.com

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
