On Sun, Jul 29, 2018 at 9:27 PM Andrey Andreev <n...@devilix.net> wrote:
> Hi, > > On Sun, Jul 29, 2018 at 7:22 AM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote: > > > > One thing regarding implementation. > > Since the internet RFC has only 2 values for "samesite", the parameter > can > > be > > bool rather than string so that users can avoid "broken security by a > typo". > > If "samesite" has more than 2 values, the INI handler can be changed so > that > > it can > > handle both bool and string parameters. > > > > The attribute has 2 possible values, but those are 2 different modes > of operation *when enabled*, not 2 states in total. It doesn't fit in > a boolean, and even if it did it wouldn't be forward-compatible that > way. > What do you mean by "those are 2 different modes of operation *when enabled*, not 2 states in total. "? samesite-value = "Strict" / "Lax" Flag is flag. It does not matter if it is used as combined values. An INI value can be bool and string/etc. Even when 3rd value is added, it can be supported. Such INIs exist in PHP already. Regards, -- Yasuo Ohgaki
