Diffstat (limited to 'server')
-rw-r--r--server/src/main/java/com/vaadin/server/VaadinService.java6
1 files changed, 5 insertions, 1 deletions
diff --git a/server/src/main/java/com/vaadin/server/VaadinService.java b/server/src/main/java/com/vaadin/server/VaadinService.java
index 31ddf7b8ba..45e71dace7 100644
--- a/server/src/main/java/com/vaadin/server/VaadinService.java
+++ b/server/src/main/java/com/vaadin/server/VaadinService.java
@@ -29,6 +29,8 @@ import java.io.Serializable;
import java.lang.reflect.Constructor;
import java.net.MalformedURLException;
import java.net.URL;
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
@@ -1962,7 +1964,9 @@ public abstract class VaadinService implements Serializable {
.isXsrfProtectionEnabled()) {
String sessionToken = session.getCsrfToken();
- if (sessionToken == null || !sessionToken.equals(requestToken)) {
+ if (sessionToken == null || !MessageDigest.isEqual(
+ sessionToken.getBytes(StandardCharsets.UTF_8),
+ requestToken.getBytes(StandardCharsets.UTF_8))) {
return false;
}
}
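Review bot: The new comparison dereferences `requestToken` unconditionally, whereas the replaced `sessionToken.equals(requestToken)` returned false for a null argument; if the request token is absent (its origin is outside the hunk, so this is inferred) the check now throws NullPointerException instead of returning false. Add the null guard to the same condition: `if (sessionToken == null || requestToken == null || !MessageDigest.isEqual(`. Converting to bytes with an explicit charset and comparing via `MessageDigest.isEqual` is the right way to avoid an early-exit comparison on the token, so the rest of the change reads fine; note that `isEqual` still returns immediately on differing lengths, which is acceptable here since both tokens are expected to be the same fixed length. The enclosing method starts and ends outside the hunk.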