-
-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix incorrect comment lines. #1234
Conversation
Thanks!
We should not cuz it'll cause a breaking change. |
Reasonable. But better set the default value to “strict” and mention this breaking change in release notes, so that all users get better security. :) |
Then we should release fiber v3 according to Semantic versioning 😂 Users can override the value if they wish. So don't worry about the different default values. |
Understand. Let’s fix the comment lines first. :) where should we put a TODO to remind fiber developers to change it to “strict” when preparing v3? |
This is really a good point. Could you please add this? |
I’d like to, but where should I put this remind? A new issue? Or add a comment line in source file? |
Just push another commit about the TODO stuff in this PR. |
Added a |
thanks |
Fix incorrect comment lines in 2 files:
One question left: in csrf middleware, default value is
Strict
, but in session, itsLax
(see line 163-170). Should we set it toStrict
too in session by default?