fix: use time-constant comparison for security tokens (#12189) - vaadin-framework.git - Vaadin 6, 7, 8 is a Java framework for modern Java web applications: https://github.com/vaadin/framework

diff options

author	Tatu Lund <tatu@vaadin.com>	2021-01-29 13:32:09 +0200
committer	GitHub <noreply@github.com>	2021-01-29 13:32:09 +0200
commit	885c2298fd709f4b05ee9fd4b38286c82c37cd1e (patch)
tree	d1ff791f691c30f7e2b602e16f25665bd8384cf3 /CONTRIBUTING.md
parent	b4f011230fd5c9d56a0dd7ad7c00c584e25ee990 (diff)
download	vaadin-framework-885c2298fd709f4b05ee9fd4b38286c82c37cd1e.tar.gz vaadin-framework-885c2298fd709f4b05ee9fd4b38286c82c37cd1e.zip

fix: use time-constant comparison for security tokens (#12189)

This is the same as https://github.com/vaadin/framework/pull/12188, but also applied for the upload security key and the push id since both of those are also used to protect against cross-site attacks. In addition, documentation for the push id is clarified to point out its role. Cherry-picked from: https://github.com/vaadin/flow/pull/9896

Diffstat (limited to 'CONTRIBUTING.md')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: