Hi, Sorry for scattered mails.
On Wed, May 11, 2016 at 5:05 PM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote: >> What I personally would be for, is a CSRF aPI module that comes as default, >> like the Password API one, that gives ability to generate good quality CSRF >> tokens and manage it. Token generation is automatic, but this RFC supports fully manual CSRF validation, too. The RFC page only has semi manual example only. I'll add a example for this. Anyway, I fails to see the reason why PHP should not invalidate CSRF attacks against POST requests with 2 simple parameter or INI... Regards, -- Yasuo Ohgaki yohg...@ohgaki.net -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
