Hi,

On Wed, May 11, 2016 at 7:06 AM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote:
> On Wed, May 11, 2016 at 1:48 AM, Fleshgrinder <p...@fleshgrinder.com> wrote:
>> On 5/10/2016 5:24 AM, Yasuo Ohgaki wrote:
>>> Hi all,
>>>
>>> It's not nice to work on the same code (i.e. session module) for
>>> multiple RFCs, but time is limited.
>>>
>>> I would like to hear ideas/comments before I write a patch for this.
>>> https://wiki.php.net/rfc/automatic_csrf_protection
>>>
>>> Thank you for your comments.
>>>
>>> Regards,
>>>
>>> P.S. Precise session ID management is important, but this one is also
>>> important. I'll finish and start voting 2 active session RFCs soon. I
>>> may finish all of them hopefully.
>>>
>>
>> -1 CSRF protection is a very specific need of some parts of a website
>> and not something that is universally required
>
> Did you read the RFC?
> It does not enable CSRF protection for all websites, but only when it is
> enabled.

Oops. I set the default to protect. Fixed it. Thanks.

Regards,

--
Yasuo Ohgaki
yohg...@ohgaki.net

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php