Hi All, On Tue, May 10, 2016 at 12:24 PM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote: > It's not nice to work on the same code (i.e. session module) for > multiple RFCs, but time is limited. > > I would like to hear from ideas/comments before I write patch for this. > https://wiki.php.net/rfc/automatic_csrf_protection > > Thank you for your comments.
I've changed RFC target from "automatic" to "semi-automatic". i.e. Changed title. It is possible to set up web system that could be protected from CSRF attack fully, but it requires web server setting/simple php script to do so. If it requires web system modification anyway, it would be better make this feature more generic. Users has to write a setting for pages, but it should be good enough to secure simple applications. Regards, -- Yasuo Ohgaki yohg...@ohgaki.net -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
