stijnhau
commented
5 years ago I like the idea but i think the option should already be seprated per timeout. Because if it's accepted now it migght stay like that forever.
Open alexz707 opened 6 years ago
stijnhau
commented
5 years ago I like the idea but i think the option should already be seprated per timeout. Because if it's accepted now it migght stay like that forever.
Since a really really long time (since 2012!!!!) CSRF has been commented out and there was no fix until now. The descriptions says CSRF is implemented and complete! That is simply WRONG and is a security nightmare!!
I implemented the basic CSRF tokens which take the settings from the config. Maybe the naming of this setting(s) has to be changed because it's not only used in the login form but in all the others except the registration form. That can be discussed and added later on. For now it would be good if anyone of the maintainer(@EvanDotPro , @weierophinney , @Danielss89 ) could merge and release a new package. Thanks :)