Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use timing safe string comparison in CSRF filter #6385

Merged
merged 1 commit into from Nov 11, 2014
Merged

Use timing safe string comparison in CSRF filter #6385

merged 1 commit into from Nov 11, 2014

Conversation

@barryvdh
Copy link
Contributor

@barryvdh barryvdh commented Nov 11, 2014

Use a timing safe comparison, as provided by the Symfony Security Component.

As proposed by by @lasselehtinen and @ircmaxell in ba0cf2a

See also laravel/laravel#3126

Use a timing safe comparison, as provided by the Symfony Security Component.
barryvdh referenced this issue in laravel/laravel Nov 11, 2014
taylorotwell added a commit that referenced this issue Nov 11, 2014
Use timing safe string comparison in CSRF filter
@taylorotwell taylorotwell merged commit c0bb705 into laravel:master Nov 11, 2014
2 checks passed
@barryvdh barryvdh deleted the patch-5 branch Nov 11, 2014
@GrahamCampbell
Copy link
Member

@GrahamCampbell GrahamCampbell commented Nov 11, 2014

We need to depend on the security component in the http composer.json now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

3 participants