]> source.dussan.org Git - vaadin-framework.git/commit
projects / vaadin-framework.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 46ecb27) | patch
fix: use time-constant comparison for security tokens (#12192)
authorTatu Lund <tatu@vaadin.com>
Wed, 3 Feb 2021 14:52:08 +0000 (16:52 +0200)
committerGitHub <noreply@github.com>
Wed, 3 Feb 2021 14:52:08 +0000 (16:52 +0200)
commitd0d2cfbda0f96b68293ce723bf776332d4ecd4de
treed7d60966ebb9a8068b0742c2c8fa0fbfdc7d83d4tree | snapshot
parent46ecb27caf6068c85af39279fd47889f3bdd1a85commit | diff
fix: use time-constant comparison for security tokens (#12192)

This is the same as #12190, but also applied for the upload security key
and the push id since both of those are also used to protect against
cross-site attacks. In addition, documentation for the push id is
clarified to point out its role.

Backporting of #12189
server/src/main/java/com/vaadin/server/VaadinSession.java diff | blob | history
server/src/main/java/com/vaadin/server/communication/FileUploadHandler.java diff | blob | history
server/src/main/java/com/vaadin/server/communication/PushHandler.java diff | blob | history
uitest/src/test/java/com/vaadin/tests/VerifyBrowserVersionTest.java diff | blob | history
Vaadin 6, 7, 8 is a Java framework for modern Java web applications: https://github.com/vaadin/framework