Hi! >> Add where? And where that value would come from? RFC says nothing about >> that. > > As usual. Query parameter when GET is used. Additional input when POST > is used. All users have to do is adding CSRF token to JS program.
GET and POST aren't the only HTTP methods. And where JS program would get the correct token from? As far as I can see, there's no function in the RFC that produces it. -- Stas Malyshev smalys...@gmail.com -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
