BlackCatDevelopment / BlackCatCMS

BlackCat CMS is a PHP5, HTML5 content management system
https://blackcat-cms.org

v1.4: Remove CSRF Magic completely, use SameSite Cookies for Backend instead #391

webbird closed this issue 4 years ago

webbird commented 4 years ago

This will require PHP 7.3

webbird commented 4 years ago

Added cookie_samesite to settings table; default will be "strict"
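
The following is an added example, not part of the issue thread and not BlackCat CMS code: one way a `cookie_samesite` setting could be applied to a backend session cookie using the array form of `session_set_cookie_params()`, which is available from PHP 7.3. The function name `backend_session_cookie_params`, the `$settings` array and the cookie path are assumptions; only the setting name and its default of "strict" come from the thread.

```php
<?php
declare(strict_types=1);

/**
 * Added example, not BlackCat CMS code. $settings stands in for values
 * read from the settings table; only the key name cookie_samesite and
 * its default "strict" are taken from the issue thread.
 */
function backend_session_cookie_params(array $settings, bool $isHttps): array
{
    $allowed = ['strict' => 'Strict', 'lax' => 'Lax', 'none' => 'None'];
    $key = strtolower(trim((string)($settings['cookie_samesite'] ?? 'strict')));

    // An unknown value falls back to the strictest policy instead of
    // silently emitting a cookie with no SameSite attribute.
    $sameSite = $allowed[$key] ?? 'Strict';

    // Browsers reject SameSite=None without Secure, and None offers no
    // CSRF protection, so it is only honoured over HTTPS.
    if ($sameSite === 'None' && !$isHttps) {
        $sameSite = 'Strict';
    }

    return [
        'lifetime' => 0,        // session cookie, dropped when the browser closes
        'path'     => '/',      // assumed path for this example
        'domain'   => '',
        'secure'   => $isHttps, // never send the cookie over plain HTTP when on HTTPS
        'httponly' => true,     // not readable from JavaScript
        'samesite' => $sameSite,
    ];
}

// Constructed sample input mirroring the default named in the thread.
$settings = ['cookie_samesite' => 'strict'];
$isHttps  = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

// The 'samesite' key of the options array only exists from PHP 7.3 on.
if (PHP_VERSION_ID < 70300) {
    throw new RuntimeException('The samesite cookie option requires PHP 7.3 or later');
}

session_set_cookie_params(backend_session_cookie_params($settings, $isHttps));
session_start();
```

SameSite is enforced by the browser, not the server. With `Lax`, the cookie is still sent on top-level cross-site GET navigations, so state-changing backend actions must not be reachable via GET if that value is configured.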

zxc7528064 commented 4 years ago

@webbird if you fix the CSRF vulnerability in v.1.3.6, can you tell me?