Nicolas Grekas

icon company @SymfonyCorp icon location Paris, France icon location Submitting features and bug(fixes) @symfony, to make it always faster, easier to use and better designed, uncompromising. @ESPCI_Alumni engineer.

Results 738 comments of Nicolas Grekas
trafficstars

Enable stateless headers/cookies-based CSRF protection

> should we enable this double-submit validation by default ? For sites that rely on stateful authentication anyway, the session-based CSRF token manager has the benefit of being compatible with...

Enable stateless headers/cookies-based CSRF protection

PR ready for approval.

Enable stateless headers/cookies-based CSRF protection

Thanks for the review @Kocal, comments resolved.

Enable stateless headers/cookies-based CSRF protection

Friendly up @symfony/mergers

Provide a way to stop execution at a particular deprecation

It could be, but displaying stacktraces for deprecations standalone is not useful nor actionable: deprecations are best reported grouped, which means without stacktraces. On the other side, stopping on one...

PHP project account on X is no longer being updated

https://buffer.com/ is nice cross posting BTW.

[HtmlSanitizer] Add support for securing target="_blank" links

/cc @tgalopin can you please check this PR?

[HttpCache] Hit the backend only once after waiting for the cache lock

I means something like this: ```php $response = $this->lookup($request, $catch); if ($request->attribute->has('foo')) { // lookup again after removing the attribute ``` With an early return in the lock method indeed....

[HttpCache] Hit the backend only once after waiting for the cache lock

Hum indeed. Then let's make the added exception internal. Also : what about a loop instead of just one retry?

[HttpCache] Hit the backend only once after waiting for the cache lock

Thank you @mpdude.