Newsgroups: php.internals
Date: Sun, 29 Jul 2018 15:26:52 +0300
From: narf@devilix.net (Andrey Andreev)
To: Yasuo Ohgaki
Cc: Niklas Keller, Pedro Magalhães, "Frederik Bosch | Genkgo", Stas Malyshev, PHP internals
Subject: Re: [PHP-DEV] [VOTE] Same Site Cookie RFC

Hi,

On Sun, Jul 29, 2018 at 7:22 AM, Yasuo Ohgaki wrote:
>
> One thing regarding implementation.
> Since the internet RFC has only 2 values for "samesite", the parameter can be
> bool rather than string so that users can avoid "broken security by a typo".
> If "samesite" has more than 2 values, the INI handler can be changed so that
> it can handle both bool and string parameters.
>

The attribute has 2 possible values, but those are 2 different modes of
operation *when enabled*, not 2 states in total. It doesn't fit in a
boolean, and even if it did it wouldn't be forward-compatible that way.

Cheers,
Andrey.
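
The two concerns in this exchange, shown together as an added example (not code from the RFC, from php-src, or from either poster): the setting has three states (off, Lax, Strict), and a string parameter can still guard against typos by checking it against an allow-list. The helper names `samesite_attribute()` and `session_cookie_header()` and the sample cookie values are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not part of PHP: maps a configured "samesite" string
// to the cookie attribute. Three states exist: off, Lax, Strict.
function samesite_attribute(?string $configured): string
{
    if ($configured === null || $configured === '') {
        return '';                                    // state 1: attribute not sent
    }
    $modes = ['lax' => 'Lax', 'strict' => 'Strict'];  // states 2 and 3
    $key = strtolower(trim($configured));
    if (!isset($modes[$key])) {
        // Fail closed on a typo instead of silently emitting an
        // unrecognised value or dropping the attribute.
        throw new InvalidArgumentException("Unknown SameSite mode: '$configured'");
    }
    return '; SameSite=' . $modes[$key];
}

// Hypothetical helper: builds a Set-Cookie header line for a session cookie.
function session_cookie_header(string $name, string $value, ?string $sameSite): string
{
    return 'Set-Cookie: ' . rawurlencode($name) . '=' . rawurlencode($value)
        . '; Path=/; Secure; HttpOnly' . samesite_attribute($sameSite);
}

// Constructed sample settings: off, both valid modes, and one typo.
foreach ([null, 'Lax', 'strict', 'Strcit'] as $setting) {
    try {
        echo session_cookie_header('PHPSESSID', 'abc123', $setting), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Adding a further mode later means adding one entry to `$modes`; a boolean parameter would have no way to express it.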