4 1.0.1 released 2008-11-02
8 - Support for composite tokens; this also fixes a bug with using
9 IP-based tokens for users with cookies disabled.
11 - Native support cookie tokens; use csrf_conf('cookie', $name) to
12 specify the name of a cookie that the CSRF token should be
13 placed in. This is useful if you have a Squid cache, and need
14 to configure it to ignore this token.
16 - Tips/tricks section in README.txt.
18 - There is now a two hour expiration time on all tokens. This
19 can be modified using csrf_conf('expires', $seconds).
21 - ClickJacking protection using an iframe breaker. Disable with
22 csrf_conf('frame-breaker', false).
26 - CsrfMagic.send() incorrectly submitted GET requests twice,
27 once without the magic token and once with the token. Reported
28 by Kelly Lu <lubird@gmail.com>.