Hi Stas, On Wed, May 11, 2016 at 12:32 AM, Stanislav Malyshev <smalys...@gmail.com> wrote: >> What happens with applications that do not produce HTML at all, such as REST, >> - These apps may add SESSCSRF value manually. > > Add where? And where that value would come from? RFC says nothing about > that.
As usual. Query parameter when GET is used. Additional input when POST is used. All users have to do is adding CSRF token to JS program. Regards, -- Yasuo Ohgaki yohg...@ohgaki.net -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
