]> source.dussan.org Git - vaadin-framework.git/commit
projects / vaadin-framework.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3e9873b) | patch
fix: use time-constant comparison for security tokens (#12189) (#12195)
authorAnna Koskinen <Ansku@users.noreply.github.com>
Wed, 3 Feb 2021 14:35:06 +0000 (16:35 +0200)
committerGitHub <noreply@github.com>
Wed, 3 Feb 2021 14:35:06 +0000 (16:35 +0200)
commit560cccc916ed8e9614712aff8720d3fdfe9a0ccc
treecab9bc4aad28b6d50ddc11594015ded06a17db9etree | snapshot
parent3e9873b1182f6b56403202ebe1556e685ded0ff8commit | diff
fix: use time-constant comparison for security tokens (#12189) (#12195)

This is the same as https://github.com/vaadin/framework/pull/12188,
but also applied for the upload security key
and the push id since both of those are also used to protect against
cross-site attacks. In addition, documentation for the push id is
clarified to point out its role.

Cherry-picked from: https://github.com/vaadin/flow/pull/9896

Authored-by: Tatu Lund <tatu@vaadin.com>
server/src/main/java/com/vaadin/server/VaadinSession.java diff | blob | history
server/src/main/java/com/vaadin/server/communication/FileUploadHandler.java diff | blob | history
server/src/main/java/com/vaadin/server/communication/PushHandler.java diff | blob | history
Vaadin 6, 7, 8 is a Java framework for modern Java web applications: https://github.com/vaadin/framework