Hi, On Wed, May 11, 2016 at 1:48 AM, Fleshgrinder <p...@fleshgrinder.com> wrote: > On 5/10/2016 5:24 AM, Yasuo Ohgaki wrote: >> Hi all, >> >> It's not nice to work on the same code (i.e. session module) for >> multiple RFCs, but time is limited. >> >> I would like to hear from ideas/comments before I write patch for this. >> https://wiki.php.net/rfc/automatic_csrf_protection >> >> Thank you for your comments. >> >> Regards, >> >> P.S. Precise session ID management is important, but this one is also >> important. I'll finish and start voting 2 active session RFCs soon. I >> may finish all of them hopefully. >> > > -1 CSRF protection is a very specific need of some parts of a website > and not something that is universally required
Did you read RFC? It does not enable CSRF protection for all website, but only when it is enabled. Regards, -- Yasuo Ohgaki yohg...@ohgaki.net -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
