On Sun, Jul 29, 2018 at 9:27 PM Andrey Andreev wrote:
> Hi,
>
> On Sun, Jul 29, 2018 at 7:22 AM, Yasuo Ohgaki wrote:
> >
> > One thing regarding implementation.
> > Since the internet RFC has only 2 values for "samesite", the parameter
> can
> > be
> > bool rather than string so that users can avoid "broken security by a
> typo".
> > If "samesite" has more than 2 values, the INI handler can be changed so
> that
> > it can
> > handle both bool and string parameters.
> >
>
> The attribute has 2 possible values, but those are 2 different modes
> of operation *when enabled*, not 2 states in total. It doesn't fit in
> a boolean, and even if it did it wouldn't be forward-compatible that
> way.
>
What do you mean by "those are 2 different modes
of operation *when enabled*, not 2 states in total. "?
samesite-value = "Strict" / "Lax"
Flag is flag. It does not matter if it is used as combined values.
An INI value can be bool and string/etc. Even when 3rd value is added, it
can
be supported. Such INIs exist in PHP already.
Regards,
--
Yasuo Ohgaki