diff options
| author | Tatu Lund <tatu@vaadin.com> | 2021-02-01 17:51:22 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-02-01 17:51:22 +0200 |
| commit | 7cb91b3b9995c92bfd2bfb694669f02d7fa44618 (patch) | |
| tree | 6fa40e1a5728a95947a2ab59e45124102f97104d /client/src | |
| parent | 885c2298fd709f4b05ee9fd4b38286c82c37cd1e (diff) | |
| download | vaadin-framework-7cb91b3b9995c92bfd2bfb694669f02d7fa44618.tar.gz vaadin-framework-7cb91b3b9995c92bfd2bfb694669f02d7fa44618.zip | |
fix: use time-constant comparison for CSRF tokens (#12188)
This hardens the framework against a theoretical timing attack based on
comparing how quickly a request with an invalid CSRF token is rejected.
Cherry-picked from: https://github.com/vaadin/flow/pull/9875
Diffstat (limited to 'client/src')
0 files changed, 0 insertions, 0 deletions