static $called; // this function is called from page_header() and it also calls page_header()
if (isset($_GET["config"]) && !$called && Adminer\connection()) {
$called = true;
- if ($_GET["config"]) { // using $_GET allows sharing links between devices but doesn't protect against CSRF
+ if ($_GET["config"]) { // using $_GET allows sharing links between devices but doesn't protect against same-site RF; CSRF is protected by SameSite cookies
Adminer\save_settings($_GET["config"], "adminer_config");
Adminer\redirect(null, $this->lang('Configuration saved.'));
}
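Review bot: The new comment on the `if ($_GET["config"])` line says CSRF is covered by SameSite cookies, but for a write triggered by GET that holds only if the session cookie is `SameSite=Strict`; under `Lax`, browsers still attach the cookie to top-level cross-site GET navigations, and `save_settings()` here runs on a plain GET. The cookie attributes are not visible in this hunk, so the comment should name the mode it relies on, e.g. `// relies on the session cookie being SameSite=Strict; Lax still sends it on top-level cross-site GET`. If the cookie turns out to be Lax, the save would need a token check or a POST to back up the claim. The enclosing function starts and ends outside the hunk.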